Cybersecurity - the cost in time and money

Proofpoint has released its Cost of Insider Threats 2020 Global Report to identify the costs and trends associated with negligent, compromised, and malicious insiders. Notably, on average, impacted organisations spent $11.45 million annually on overall insider threat remediation and took 77 days to contain each incident.

  • 4 years ago Posted in
Organisations impacted by insider threats spent an average of $11.45 million annually—that’s up 31 percent from $8.76 million in 2018.

 

More than 60 percent of reported insider threat incidents were the result of a careless employee or contractor and 23 percent were caused by malicious insiders. A total of 14 percent of all insider threat incidents involved cybercriminals stealing credentials.

 

The number of incidents has also increased by a staggering 47 percent in just two years, from 3,200 in 2018 to 4,700 in 2020.

 

The longer an insider threat incident lingers, the costlier it gets. Incidents that took more than 90 days to contain cost organisations $13.71 million on an annualised basis, while incidents that lasted less than 30 days cost roughly half, at $7.12 million. It takes an average of more than two months (77 days) to contain an insider incident.

 

“Organisational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure”, said Mike McKee, executive vice president and general manager of Insider Threat Management for Proofpoint. “With an average cost of more than $600K per incident, insider threats must be a leading concern for companies worldwide.”

 

The report, commissioned with The Ponemon Institute and co-sponsored by IBM, surveyed nearly 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa, and Asia-Pacific. Each organisation included in the study experienced one or more material events caused by an insider.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...