By Dr. Larry Ponemon
Thu | Dec 8, 2016 | 9:10 AM PST

While employee negligence is common and costly, it is not as costly as criminal data theft. In our latest cost study, we drill down on the real price of the insider threat. 

The 2016 Cost of Insider Threats, sponsored by Dtex, reveals the direct and indirect costs that result from insider threats. In this study we define three types of insider threat:

  • A careless or negligent employee or contractor
  • A criminal or malicious insider
  • A credential thief

We interviewed 280 IT and IT security practitioners in 54 organizations between April and July 2016. Each organization experienced one or more material events caused by an insider. These organizations experienced a total of 874 insider incidents over the past 12 months. Our targeted organizations had a global headcount of 1,000 or more employees located throughout the U.S.

Impostor risk is the most costly

The cost ranges significantly based on the type of incident. If it involves a negligent employee or contractor, the incident can average $206,933. The average cost more than doubles if the incident involves an impostor or thief who steals credentials ($493,093). Criminal and malicious insiders cost the organizations represented in this research an average of $347,130. The activities that drive costs are: monitoring & surveillance, investigation, escalation, incident response, containment, ex-post analysis and remediation.

The negligent insider is the root cause of most incidents

Most incidents in this research were caused by insider negligence. Specifically, the careless employee or contractor was the root cause of almost 600 (598) of the 874 incidents reported. The most expensive incidents, due to impostors stealing credentials, were the least reported and totaled 85 incidents.

Organizational size and industry affect the cost per incident

The cost of incidents varies according to the size of the organization. Large organizations with a headcount of more than 75,000 spent an average of $7.8 million to resolve the incident. To deal with the consequences of an insider incident, organizations with a headcount between 1,000 and 5,000 spent an average of $2 million. Financial services, retail, industrial and manufacturing spent an average of $5 million.

The entire report can be downloaded here:
https://dtexsystems.com/cost-of-insider-threat/
