Ransomware attacks and major data breaches from external threat actors often grab the headlines, but organizations must continue to look inward for cyber incidents that can deliver some of the worst financial consequences. Consider that these incidents often arise through those entrusted with access to and within the organization itself.
Insider threats, both inadvertent and malicious, have risen 44 percent over the last two years, with costs per incident up more than one-third to $15.5 million globally. An average of $184,548 is spent to contain insider threats, with business interruption costs (23 percent of total) typically being the greatest expense.1
In a study of 6,803 insider incidents reported over a 12-month period:
- 56 percent arose out of negligence, with examples of conduct such as failures to secure devices, follow company security policy, or patch and upgrade devices.
- 26 percent were due to criminal insider activity – malicious insiders, including employees or authorized individuals who use their data access for harmful, unethical or illegal activities.
- And 18 percent of incidents involved credential theft granting access to critical data and software. While credential theft represents the lowest number of incidents, it is the costliest, amounting to an average of $804,997 per incident.
“Insiders” are any individuals – including employees, contractors and vendors, among others – with authorized access to business systems, data and assets, whether physical or electronic. They pose a threat because they can intentionally, negligently or unknowingly harm an organization as a result of their actions. These actions may include the exposure or theft of assets or proprietary or confidential information resulting in damage to the organization’s operational ability, integrity or reputation, and other financial, business or social consequences.