The 2023 DTEX systems Cost of Insider Risk Report has revealed a concerning growth in insider threats resulting in increased risk to organizations.
What happened?
Insider security threats have sharply increased in recent years, with the average annual cost to organizations soaring to $16.2 million. This alarming surge, as revealed in the 2023 Cost of Insider Risks Report by DTEX Systems, signifies a growing financial impact of insider risks. The report categorizes these threats into malicious and non-malicious incidents, encompassing a range of activities from espionage to negligence. Notably, though less common, malicious insider incidents prove to be the most expensive to resolve.
Related: Tesla's major data breach was an inside job
Going deeper
The report's insights paint a nuanced picture of the evolving landscape of insider security threats. These threats are multifaceted, falling into two main categories: malicious and non-malicious incidents.
Malicious incidents involve insiders intentionally causing harm, encompassing activities like espionage, IP theft, fraud, and even workplace violence.
Non-malicious incidents result from negligence or insiders being outsmarted by external adversaries, such as falling victim to phishing or Business Email Compromise (BEC) attacks.
Particularly striking is the financial impact of these incidents. While malicious insider actions are less frequent, they prove to be the costliest to resolve, with an average price tag of $701,500 per incident. Moreover, the time required to contain these incidents has slightly increased, from 85 days in the previous year to 86 days in 2023. This extended containment period directly contributes to the higher costs incurred by organizations, underlining the need for more effective strategies in managing and mitigating these escalating insider security threats.
Why it matters
The report's findings indicate a concerning trajectory in insider security risks, marked by rising incident costs, frequency, and containment times, signaling the inadequacy of current risk management approaches. This concerning trend is exacerbated by the misallocation of funding, often stemming from a widespread misunderstanding of how insider risks manifest, especially in their early warning signs.
On a more optimistic note, there is a growing recognition among organizations of the need to establish insider risk programs. Many are actively seeking executive support and budget allocation to champion these initiatives. This aligns with research by prominent industry analysts such as Forrester, Gartner, MITRE Corporation, and Verizon, all of whom underscore the central role of human factors in data breaches, increasingly attributed to insiders.
The bigger picture
The report advocates for a holistic industry-wide approach, calling for education and common ground to define and discuss insider risks effectively.
On a positive note, organizations are beginning to grasp the significance of insider risk management, with 77% planning or initiating programs and seeking executive buy-in. These findings align with research from renowned analysts, highlighting the undeniable centrality of human factors in data breaches. By prioritizing insider risk management, organizations stand to proactively mitigate these threats before they burgeon into costly incidents.
Kirsten Peremore
