In 2024, the healthcare sector was shaken by the Change Healthcare ransomware attack, which caused significant disruption to medical services throughout the country and exposed the protected health information (PHI) of over 190 million people. According to Kroll, healthcare was the most attacked sector in 2024, whereas in 2023 it had been the finance sector. Although hacking was the major cause of breaches in 2024, numerous cybersecurity problems were caused by malicious and negligent insiders, and such incidents are expensive to deal with.
The Ponemon Institute recently conducted a study together with DTEX Systems to determine the frequency of insider breaches, their financial consequences, and the way institutions are handling insider risk. The survey showed that more companies are implementing insider risk management programs: about 81% of companies had an insider risk management program in 2024, compared to 77% in 2023. The share of the IT security budget dedicated to insider risk management also more than doubled, from 8.2% in 2023 to 16.5% in 2024. Although it is encouraging that companies are giving more importance to insider risk management, 45% of surveyed organizations stated that the funding for their insider risk management programs is not enough.
DTEX Systems revealed an increase in insider incidents, from 7,343 cases in 2023 to 7,868 cases in 2024. Nevertheless, the insider risk management programs appear to be having the desired effect: even though the total number of incidents increased year-over-year, the frequency of incidents per organization has dropped. In 2024, 57% of surveyed organizations reported that they had encountered more than 21 insider incidents per year, compared to 71% in 2023.
The Cost of Insider Risks benchmarking study is in its 6th year. Comparing 2023 with 2024, the time needed to contain an insider breach declined from 86 days to 81 days. The quicker a breach is contained, the lower the cost: DTEX Systems states that the average cost of incidents contained within 31 days is $10.6 million, whereas incidents that take 91 days to contain cost $18.7 million on average.
The most typical reasons for insider incidents are the following:
- monetary profit (55%)
- convenience, for example using AI or LLMs to help accomplish work tasks (55%)
- professional issues (48%)
- nationalism (37%)
The causes of insider incidents include the following:
- 4,321 incidents due to mistaken or negligent insiders had an average cost of $676,517 per incident in 2024 compared to $505,113 in 2023
- 1,995 malicious insider incidents cost an average of $715,366 per incident in 2024 compared to $701,500 in 2023
- 1,552 incidents were due to insiders being outsmarted through credential theft, with an average cost of $779,797 per incident in 2024 compared to $679,621 in 2023
Companies in the United States spent $22.2 million resolving insider incidents. The healthcare and pharmaceutical industry had the highest costs of $29.2 million, followed by technology and software with a cost of $23 million.
The increasing cost of post-incident activity has driven the average yearly cost of insider breaches up from $16.2 million in 2023 to $17.4 million in 2024. Containment and incident response costs in 2024 were $211,021 and $154,819 respectively, up from $179,209 and $113,635 in 2023. The most expensive consequence of insider incidents is disruption or outages, which accounts for about 24% of the cost.
According to the survey respondents, the benefits of having an insider risk management program are:
- saves time when responding to a data breach (answered by 63% of respondents)
- protects the brand name (answered by 61%)
- lowers data breach costs (answered by 59%)
- averts regulatory penalties (answered by 59%)
The specific advantages of an insider risk management program according to the respondents are:
- ability to preempt a data breach through the discovery of insider risk at the beginning of the kill chain (answered by 65% of respondents)
- a better understanding of human behavior (answered by 61%)
- ability to respond proportionately to worker behavior (answered by 59%)
- ability to understand worker behavior in the context of normal behavior in the organization (answered by 56%)
Assessments of insider risk management programs showed:
- a decrease in insider incidents (answered by 45%)
- shorter resolution times (answered by 43%)
- quicker investigations (answered by 39%)