author photo
By Bruce Sussman
Wed | Feb 5, 2020 | 5:30 AM PST

Cyberattacks against organizations come from all directions.

And increasingly, they're coming from within.

The Ponemon Institute just released its 2020 Cost of Insider Threats Report which reveals insider losses reaching their highest levels on record.

Insider threat costs and losses: the numbers

According to Ponemon research:

"The average annual cost of Insider Threats has skyrocketed in only two years, rising 31% to $11.45 million."

And the size of your organization changes the average cost for an insider threat incident, according to the report.

"Large organizations with a headcount of more than 75,000 spent an average of $17.92 million over the past year. To contrast, smaller organizations with a headcount below 500 spent an average of $7.68 million."

At our SecureWorld cybersecurity conferences we've heard about many insider threat cases that led to millions in business losses.

That includes an AT&T Wireless insider threat case where a cybercriminal activated insiders via social media.

What are the different types of insider threats?

The new Ponemon report, sponsored by ObserveIT and IBM, also breaks down different categories of insider threats by percentages.

  • 62% of incidents are by negligent insiders.
  • 37% of incidents are by criminal or credential insiders.

And on a per incident basis, the criminal and credential insider incidents are by far the most expensive.

Why are insider threats so damaging?

We asked Dr. Larry Ponemon why insider threats tend to be so damaging to an organization. He says part of the problem with malicious insiders is that no one wants to believe the worst.

"We found that companies err on the side of goodness. They don't want to accuse somebody without full evidence of a crime, so they write it off as negligence," he tells SecureWorld. 

"And we discovered insider threats are not viewed as seriously as external threats, like a cyber attack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."

Listen to my recent fireside chat with Dr. Ponemon on The SecureWorld Sessions podcast: