Insider Threat Costs Surge

Hilary Tuttle


April 1, 2020

According to a study by Proofpoint and the Ponemon Institute, the average global cost of insider threats has increased 31% over the past two years and incident frequency has surged 47%. Negligent insiders made up 62% of incidents at an average of $307,000 per incident for a total annual cost of $4.58 million across respondents. The most expensive incidents were due to credential theft, wherein criminals target insiders’ login information to gain unauthorized access to applications and systems. These cost an average $871,000 per incident and accounted for 23% of cases, exacting a $2.79 million annual toll. Criminal insiders, who intentionally cause damage from inside a company, made up 14% of cases at an average cost of $756,000.

Companies are spending 60% more on dealing with insider threats than three years ago, largely focusing on containment, detection and investigation. Detecting incidents more quickly can have a profound effect, with costs ballooning from $7.12 million for cases contained in 30 days to $13.7 million for incidents that took more than 90 days to contain. Company size also drives costs, with large organizations (more than 75,000 employees) spending an average of $17.92 million, and smaller organizations (fewer than 500) spending an average of $7.68 million.

Hilary Tuttle is managing editor of Risk Management.