Ronald Hudson - Fotolia

Get started Bring yourself up to speed with our introductory content.

Insider threat report tracks annual cost of theft, carelessness

The Ponemon Institute study "2018 Cost of Insider Threats" examines the cost to companies victimized by material insider threat incidents during the past 12 months.

This article can also be found in the Premium Editorial Download: Information Security magazine: CISOs face the IoT security risks of stranger things

A new insider threat report found credential theft costs more than twice as much to resolve than incidents involving insider negligence by employees and contractors. Negligent insiders are the "root cause" of most reported events and represent the highest total annual cost to companies, according to researchers. However, imposters who steal credentials cost organizations an average of $648,846 per incident, compared to $283,281 for a security event involving carelessness.

The Ponemon Institute study "2018 Cost of Insider Threats: Global Organizations" looked at the direct and indirect costs of companies that experienced one or more material event caused by an insider during a 12-month period ending in January. Researchers interviewed 717 security and IT professionals in 159 organizations located in North American, Europe, Asia-Pacific, the Middle East and Africa. The job functions that participated in the insider threat report in the largest segments included CISOs (16%), IT operations practitioners (14%), IT technicians (13%) and CIOs (11%).

The 159 benchmarked companies experienced a total of 3,269 insider threat incidents during the 12-month timeframe, with a total average cost of $8.76 million, according to those surveyed. The insider threat report looked at costs related to loss of data and intellectual property, downtime and productivity loss, damages to equipment and assets, threat detection and remediation, legal and regulatory impact, and diminishment of brand and reputation. The costs were analyzed using an activities-based framework that included monitoring and surveillance, escalation, incident response, containment, investigation, remediation and post-event analysis. Not surprisingly, the total annual cost increased with the size of the company in terms of headcount, from $1.8 million at smaller organizations with 500 or fewer employees to $20 million at global organizations with 75,000 employees or more.

Costs that result from insider threats

Ponemon's latest insider threat report followed a North American benchmark study the research firm conductred in 2016. According to the 2018 research, North American companies reported the highest number of insider threat incidents, and Asia-Pacific companies indicated the lowest. The 2018 insider threat report was sponsored by ObserveIT.

This was last published in June 2018

Dig Deeper on Security awareness training and insider threats

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How do the costs of insider threat detection and prevention compare to other security incidents?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close