"Global Cybersecurity Study: Insider Threats Cost Organizations $15.4 Million Annually, up 34 Percent from 2020"
Proofpoint has released its 2022 Cost of Insider Threats Global Report, which delves into the costs and trends associated with negligent, compromised, and malicious insiders. Findings shared in the report come from a survey of more than 1,000 IT and security practitioners across North America, Europe, the Middle East, Africa, and Asia-Pacific. Each organization that participated in the study faced one or more incidents caused by an insider. The report reveals that the frequency and costs of insider threats have increased significantly across all three insider threat categories over the last two years. These categories include negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft. According to the report, organizations impacted by insider threats spent, on average, $15.4 million yearly on overall insider threat remediation and took over 80 days to contain each incident. The number of insider threat incidents increased by 44 percent in two years. Over 50 percent of reported insider threat incidents were caused by a careless employee or contractor, costing an average of $484,931 per incident. Malicious insiders were the root cause of 1 in 4 incidents, with an average cost per incident being $648,062. Credential theft incidents have doubled, costing organizations an average of $804,997 per incident, making this type of incident the most costly to remediate. Financial services and professional services have the highest average activity costs, with the average activity cost for financial services being $21.25 million and $18.65 million for professional services. Over the past year, large organizations with more than 75,000 employees spent an average of $22.68 million, while smaller-sized organizations with under 500 employees spent an average of $8.13 million to deal with the consequences of insider-related incidents. Proofpoint also noted that employees, contractors, and other organizational insiders are an attractive attack vector for cybercriminals because of their access to critical systems, data, and infrastructure. This article continues to discuss key findings from the 2022 Cost of Insider Threats Global Report and the different factors that put organizations at risk of insider threat incidents.