The Financial Cost of an Insider Threat

Data breaches and malicious attacks can compromise the security of your company and create a large financial burden. 

Data breaches come in all shapes and sizes and they will affect a large organization just as much, if not more than smaller organizations. From malicious attacks to cybercriminal credential theft, your organization needs to protect your company data from being exploited.

To better understand why your company needs to protect against an insider threat, this article will break down the following:

  • What an insider threat is
  • The insider threat cost
  • Ways to minimize the financial risk of an insider threat
  • And how to protect your business from an insider threat

What is an Insider Threat?

An insider threat is someone who either intentionally or unintentionally made sensitive data from your company available for use in a malicious attack against an organization. This type of data breach is different from an external cyber attack. 

An insider threat might come from a disgruntled employee, but this is not always the case. Accidental insider threats are also possible and should be accounted for in an insider threat program.

A malicious insider or negligent insider incident can also come from: 

  • Contractor negligence and their subcontractor(s)
  • A former employee or departing employee
  • Third-party vendor
  • Anyone with access to the physical or cyberspace of your company
  • Business associates
  • Anyone with access to your organization’s security practices, computer systems, and data
  • Careless employee (as opposed to a malicious employee)

An insider attack is one of the most common types of data breaches that a company can experience and they pose a high-security risk. Insiders, or anyone who gains access to the sensitive information of a company, are not forced to keep a company’s information private. There are two main insider threat types that can occur: either a malicious insider threat or a negligent insider. 

A malicious insider threat is when the data is obtained by the insider deliberately in order to create large financial and widespread company losses. 

Comparatively, a negligent insider is someone with access to your company’s data who unknowingly allows malicious attacks to occur. This might be because a company has not implemented proper training, the insider or employee is a chance victim, a negligent employee who executes poor decision making, or a targeted employee. 

Insider Threat Cost

The 2020 industry benchmark Global Report on The Cost of Insider Threats (independently conducted by the Ponemon Institute and sponsored by IBM Security and ObserveIT)  found that across 204 companies, negligent employees or contractors were the root cause of 2,962 reported insider threat incidents out of 4,716. 

Negligence occurred 63% of the time. A credential theft incident occurred 23% of the time, and a criminal insider 14% of the time.

The overall cost of an insider threat incident was $11.45 million. Negligence cost companies around $4.58 million and a criminal insider cost companies $4.08 million. Credential theft was also one of the top three costs of insider threats at $2.79 million. Credential theft remediation itself cost companies $871,686.

This report also suggested that the rate of global insider threat cost rose by 31% in only two years. This increase was in line with the frequency of incidents spikes (about 47% more). 

In 2020, the cost of an insider is now $11.45 million, with the highest associated cost being the containment period at approximately $211,533 per company per year. The cost of investigating a security incident is also rising, up by 86%, most likely due to changing parameters over mitigating and investigating cases for insurance and fraud purposes. 

As is common with all security incidents, the longer that the incident lasts, the most costly it becomes. The average security incident takes 77 days to be contained. If it takes longer than 90 days for the incident to be contained, the cost averages around $13.71 million. 

How to Minimize the Financial Risk of an Insider Threat

There are a number of factors to consider when protecting your company against organizational insiders and malicious activity. These factors are usually rolled into a cybersecurity plan and incident response plan. 

Here are some things to consider when minimizing the financial and security risk associated with an insider threat:

  • Develop an insider threat management plan that works in conjunction with your cybersecurity plan.
  • Figure the cost organizations lose when hit by a credential thief, a negligent employee, and a negligent or malicious contractor or third-party vendor.
  • Prepare scenarios for insider breach and external breach remediation protocol.
  • Provide awareness training to prevent an insider breach from a negligent employee.
  • Run threat detection scenarios so insider threat detection response time is minimized.
  • Assume a malicious insider threat will target your organization and invest in physical and cyber security to detect these threats.
  • Deploy an employee monitoring software that will alert your organization to cybersecurity incidents both from external cybercriminals and malicious insider threats.

Protect Your Business from an Insider Threat

A security incident can happen to any size organization. It is up to your security team to minimize external threats and to prepare your company for the inevitable security incident.

Protect your business from an insider threat by preparing an insider threat management plan and cybersecurity response plan. You should consider investing in employee monitoring software, which will monitor typical employee behaviors, track and report security incidents, and protect against unwarranted internet activity.

By SoftActivity Team

July 13th, 2020