DTEX Systems, the global leader for insider risk management, today released the 2023 Cost of Insider Risks Global Report, independently conducted by the Ponemon Institute. The average annual cost of an insider risk has increased to $16.2M ? a 40% increase over four years. Meanwhile, the average number of days to contain an insider incident has increased to 86 days.
In addition to analyzing the costs incurred when an organization experiences an insider security incident, this year's study includes first-time insights into how organizations are funding insider risk programs. The findings show that almost half (46%) of organizations are planning to increase their investment in insider risk programs in 2024. The study also found that 77% of organizations have started or are planning to start an insider risk program.
"We are encouraged that organizations plan to increase investments in insider risk programs because it's required by customers and new industry regulations ? not just because of previous incidents. This is a significant change that portends long-overdue attention and prioritization," said DTEX Systems CTO Rajan Koo.
The momentum around insider risk management comes amid a backdrop of soaring costs, frequency, and time to contain insider-related security incidents. According to research analyst Gartner, insider risk management refers to "the tools and capabilities to measure, detect and contain undesirable behavior of trusted accounts within the organization."
Despite the growing cost of insider risks, 88% of organizations spent less than 10% of their total IT security budget on insider risk management. Organizations had an IT security budget of $2,437 per employee, yet only 8.2% (equivalent to $200 per employee) was allocated specifically to insider risk programs and policies. The remaining 91.8% of IT security budget was spent on external threats, despite more than half of organizations attributing social engineering as a leading cause of all outside attacks.
Koo said the findings show that budgets are being wasted on reactive "symptom management" despite growing evidence that the root cause starts within. "The findings demonstrate that the human, manifested as an insider risk, is the leading cause of all data breaches ? including the socially engineered," he said. "This highlights a widespread misunderstanding of the types of insider risks and the failure to proactively protect customer data and IP."
The 2023 Cost of Insider Risks Global Report is a comprehensive study to understand the financial consequences of insider risks caused by negligent or mistaken employees, outsmarted employees (including insider incidents related to credential theft), or malicious insiders. It is based on responses from 1,075 security or line of business practitioners in 309 organizations in North America, Europe, Middle East, Africa, and Asia-Pacific regions.
Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute commented: "Our goal in conducting this research is to create awareness of the significant costs incurred when employees are negligent, outsmarted or malicious in the handling of an organization's sensitive data. We believe this study is unique because it analyzes the costs based on the type of insider, the time it takes to contain the incident and the technologies that are most effective in reducing the costs. Such information is beneficial in creating a strategy to deal more effectively with the insider risk while reducing the costs."
Key findings of the 2023 Cost of Insider Risks Global Report include:
Read the complete 2023 Cost of Insider Risks Global Report here.
Hear Dr. Larry Ponemon and DTEX's Rajan Koo discuss the key findings in our upcoming videocast with Christopher Burgess.
The 2023 study surveyed organizations in North America, Europe, the Middle East, Africa, and Asia-Pacific with a global headcount of 500 to more than 75,000 over a two-month period concluding in May 2023. In this year's study, the Ponemon Institute interviewed 1,075 IT and IT security practitioners in 309 organizations that experienced one or more material events caused by an insider. A total of 7,343 insider incidents are represented in this research.
About DTEX Systems
As the global leader for insider risk management, DTEX empowers organizations to prevent data loss and support a trusted workforce by stopping insider risks from becoming insider threats. Its InTERCEPTtm platform consolidates Data Loss Prevention, User Behavior Analytics and User Activity Monitoring in a single light-weight platform to detect and mitigate insider risks well before data loss occurs. Combining AI/ML with behavioral indicators, DTEX enables proactive insider risk management at scale without sacrificing employee privacy or network performance. To learn more about DTEX Systems, please visit www.dtexsystems.com. Connect with DTEX: LinkedIn | Twitter | YouTube
These press releases may also interest you