The Neglected Threat: Insider Risks Remain Unaddressed in Cyber Budgets

By Greg Tavarez, TMCnet Editor  |  September 25, 2023

Organizations allocate their financial resources for safeguarding their digital assets. This is encouraged because anything that protects important digital assets from outside threats is obviously a plus. However, there's often a conspicuous gap in addressing the critical factor behind many data breaches:

Insider threats.

In fact, a new global study by the Ponemon Institute (News - Alert) and DTEX Systems reveals that insider risks, such as data breaches, fraud and sabotage, are costing organizations an average of $16.2 million per year. This is a 40% increase from four years ago, when the average annual cost was $11.5 million.

But what exactly are insider threats?

Insider threats encompass the vulnerabilities posed by individuals with authorized access to an organization's systems and data, including employees, contractors and collaborators. These insiders, either intentionally or inadvertently, compromise security, making them a significant risk factor. 

The study identified three types of insider risks: careless or negligent employees, criminal or malicious insiders, and credential thieves. The most common type of insider risk was careless or negligent employees; this accounted for 62% of all incidents. However, the most costly type of insider risk was credential thieves, who stole or compromised the credentials of other users and caused an average of $2.79 million in damages per incident.

Based on the results from the study, organizations are struggling to detect and prevent insider risks, and very few have a mature insider risk program. The main challenges include lack of budget, lack of staff, lack of visibility and lack of collaboration among departments.

To effectively tackle this issue, organizations must take a proactive and holistic approach to insider risk management. This includes implementing user activity monitoring, behavioral analytics, data loss prevention and employee awareness training.

Implementing user activity monitoring involves tracking and analyzing the actions of individuals who have access to an organization's systems and data to help in early detection of potential insider threats by flagging unusual or high-risk actions.

Behavioral analytics utilizes machine learning and AI algorithms to establish a baseline of normal user behavior. By continuously analyzing user actions and comparing them to this baseline, organizations can identify deviations that might indicate insider threats.

Data loss prevention solutions help organizations prevent the unauthorized sharing or leakage of sensitive data. This involves setting policies and rules that control how data is accessed, used, and shared. 

Employee awareness training programs educate staff about the risks associated with insider threats and provide guidelines on best practices for data security. Training covers topics such as recognizing phishing attempts, protecting login credentials and reporting suspicious activities. An informed and vigilant workforce is a critical component of insider risk management.

“Our goal in conducting this research is to create awareness of the significant costs incurred when employees are negligent, outsmarted or malicious in the handling of an organization’s sensitive data,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “We believe this study is unique because it analyzes the costs based on the type of insider, the time it takes to contain the incident and the technologies that are most effective in reducing the costs.

By reallocating resources and adopting a more holistic strategy, organizations can proactively mitigate the root causes of data breaches and enhance their overall cybersecurity posture.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]