Cost of insider risk soars as defenses fail to keep pace
In 2023, the total average annual cost of an insider risk increased to $16.2 million, a 40 percent increase over a four-year period.
This is among the findings of a new insider risks report from DTEX Systems, based on research from the Ponemon Institute. The study also shows that the average number of days taken to contain an insider incident has increased to 86 days.
It's not surprising then that the findings show that almost half (46 percent) of organizations are planning to increase their investment in insider risk programs in 2024. The study also found that 77 percent of organizations have started or are planning to start an insider risk program.
"We are encouraged that organizations plan to increase investments in insider risk programs because it’s required by customers and new industry regulations -- not just because of previous incidents. This is a significant change that portends long-overdue attention and prioritization," DTEX Systems CTO Rajan Koo says.
Despite the growing cost of insider risks, 88 percent of organizations are spending less than 10 percent of their total IT security budget on insider risk management. Organizations surveyed had an IT security budget of $2,437 per employee, yet only 8.2 percent (equivalent to $200 per employee) was allocated specifically to insider risk programs and policies. The remaining 91.8 percent of the budget was spent on external threats, despite more than half of organizations saying social engineering is a leading cause of all outside attacks.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute says, "Our goal in conducting this research is to create awareness of the significant costs incurred when employees are negligent, outsmarted or malicious in the handling of an organization's sensitive data. We believe this study is unique because it analyzes the costs based on the type of insider, the time it takes to contain the incident and the technologies that are most effective in reducing the costs. Such information is beneficial in creating a strategy to deal more effectively with the insider risk while reducing the costs."
You can get the full report from the DTEX site.