Latest research from Ponemon Institute, sponsored by Dtex, reports an average of $4.3 million spent annually on mitigating and resolving insider threats.
Dtex Systems™, a leading insider threat solution provider, today highlighted findings from a new benchmark study released by the Ponemon Institute, focused on quantifying the financial impact of insider threats on the enterprise. The report, titled ‘2016 Cost of Insider Threats,’ revealed that organizations are spending an average of $4.3 million annually to mitigate, address, and resolve insider-related incidents – with that spend surpassing $17 million annually in the most significant cases.
Historically, the definition of an insider threat required it to be malicious or criminal in nature, but this latest research broadens that scope to include three distinct types: employee or contractor negligence, criminal or malicious insiders, and user credential theft.
“External forces, or the possibility of an external attack, have commanded the focus and attention of today’s IT leaders with the perception that they pose the biggest threat to the enterprise,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Our study is the first of its kind to uncover the equally substantial – and, at times, devastating – effects that insider threats can impose on an organization, from mitigation and detection through resolution and investigation.”
NEGLIGENCE IS MOST COSTLY
While the report notes that user credential theft and malicious or criminal activity carried a more substantial cost per incident, the frequency and volume of insider incidents caused by employee and contractor negligence gave that category the highest annual cost, averaging nearly $2.3 million.
“Companies perceive insider threat as mostly driven by malicious employees, but the fact is that a significant portion of the risk is due to insider carelessness,” said Christy Wyatt, CEO at Dtex Systems. “This study underscores what we’ve seen for many years now: well-intentioned employees don’t always fully understand what puts both them and valuable company information at risk. In working with a wide range of organizations, of all sizes and across all industries, we’ve found that capturing and analyzing user activity at the endpoint is essential to rapidly identifying careless behavior and minimizing any impact.”
LEGACY SOLUTIONS FALL SHORT
In addition to aggregating the costs resulting from insider-related incidents, the study analyzed the technologies and solutions deployed across the organizations surveyed to address insider threats, as well as the effectiveness of those solutions as measured in incremental cost savings.
In line with expectations, legacy solutions – such as data loss prevention (DLP), user awareness and training, and network intelligence – ranked among the most frequently deployed tools (at 46 percent, 43 percent, and 35 percent respectively). Yet although these legacy technologies were the most pervasive, the incremental cost savings they drove were among the lowest recorded, with network intelligence and user training yielding $0.3 million.
At the same time, the survey showed the average time to contain an insider-related incident across the same organizations was 65.4 days – and noted the total annualized cost for an incident lasting more than 60 days averaged $4.5 million, climbing to $5.7 million after 90 days.
While the solution categories that have emerged more recently – such as user behavior analytics (UBA) and threat intelligence – inevitably saw less traction, they delivered the highest incremental cost savings at $1.1 million and $0.8 million respectively.
“We found that solutions focused on visibility and transparency, rather than stringent controls and limitations, are driving the most impact in terms of cost savings and return on investment,” said Ponemon. “Our recommendation for combatting costly insider threats is building a layered defense that delivers a comprehensive range of capabilities across visibility, detection, context, and rapid response.”