Organizations’ Average Spending for Insider Cybersecurity Incidents Increased by 31% in 2 Years

The new Ponemon Institute research reveals that the occurrence of cybersecurity incidents due to insiders has gone up by 47% in the last two years. The average yearly global cost due to those cybersecurity incidents is higher by 31% over the same time period. The average yearly cost of insider incidents is now $11.45 million.

The research 2020 Cost of Insider Threats study was performed on behalf of ObserveIT, a Proofpoint company. Participants of the survey included 964 IT and security specialists from 204 organizations in Europe, North America, Africa, the Asia-Pacific, and the Middle East.

There were three categories of insider incidents:

  • Incidents that were due to errors made by employees – the negligent insiders
  • Incidents caused by employees and contractors with the intention to harm the organization – the criminal insiders
  • Incidents that involve using insiders’ login information to access applications, systems, and data – the credential insiders

In the last one year, there were 4,716 insider incidents. Credential insiders’ incidents were the most expensive to handle. The average cost of one credential insider incident was $871,000 and the total cost per year was $2.79 million The average cost of one criminal insider incident was $756,000 and the total cost per year was $4.08 million. The average cost of one incident due to negligent insiders was $307,000 and the total cost per year was $4.58 million. 62% of incidents were caused by negligent insiders, 23% were caused by credential insiders, and 14% were caused by criminal insiders.

Organizations spend 60% more on insider incidents now compared to three years ago. The costs went up by 25% since 2018. The highest expenditure goes to insider incidents investigation, which increased by 86% in the last three years. The study showed that the largest cost with an average of $211,533 per year goes to restricting attacks.

The average number of days to contain an incident is 77 days. If it takes longer, the cost is higher. The average cost of incidents that were contained in less than 30 days is $7.12 million. The average cost of incidents that were contained in over 90 days is $13.71 million.

The cost of incidents goes up in proportion to the size of the organization. Organizations having over 75,000 employees suffered the biggest costs due to insider incidents. The average cost spent on insider incidents is $17.92 million in the last 12 months. Organizations having 500 or fewer workers suffered an average cost of $7.68 million due to insider incidents.

The yearly costs of insider incidents differed substantially by the industry sector. The average spending of companies belonging to the financial services sector was $14.5 million last year for insider incidents. The education and research sector had the lowest annual costs of $8.85 million. The average spending of the health and pharmaceutical sector was $10.81 million last year for insider incidents.

About Christine Garcia 1191 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA