Study reveals costly effects of insider threats on the enterprise
Average of $4.3 million spent annually on mitigating and resolving insider threats.
A new benchmark study released by research firm Ponemon Institute revealed that organizations are spending an average of $4.3 million annually to mitigate, address, and resolve insider-related incidents – with that spend surpassing $17 million annually in the most significant cases.
Historically, the definition of an insider threat required it to be malicious or criminal in nature, but this latest research broadens that scope to include three distinct types: employee or contractor negligence, criminal or malicious insiders, and user credential theft.
The fact is that a significant portion of the risk is due to insider carelessness."
"External forces, or the possibility of an external attack, have commanded the focus and attention of today's IT leaders with the perception that they pose the biggest threat to the enterprise," said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. "Our study is the first of its kind to uncover the equally substantial – and, at times, devastating – effects that insider threats can impose on an organization, from mitigation and detection through resolution and investigation."
Negligence is most costly
While the report notes that user credential theft and malicious or criminal activity carried a more substantial cost-per-incident, the frequency and volume of insider incidents caused by employee and contractor negligence recorded the highest annual cost, averaging nearly $2.3 million.
"Companies perceive insider threat as mostly driven by malicious employees, but the fact is that a significant portion of the risk is due to insider carelessness," said Christy Wyatt, CEO at Dtex Systems. "This study underscores what we've seen for many years now: well-intentioned employees don't always fully understand what puts both them and valuable company information at risk. In working with a wide range of organizations, of all sizes and across all industries, we've found that capturing and analyzing user activity at the endpoint is essential to rapidly identifying careless behavior and minimizing any impact."
Posted: 09/01/2016 12:21:00
Posted: 03/24/2017 15:00:00
Posted: 04/11/2017 23:36:00