Global Cybersecurity Study: Cyber Budgets Failing to Address Root Cause of Data Breaches: Insider Risks

Fifty-eight percent (58%) of organizations say budgets for insider risk management are inadequate to contain the soaring cost and frequency of human-initiated security incidents.

5

SAN JOSE, Calif. – September 20, 2023 – DTEX Systems, the global leader for insider risk management, today released the 2023 Cost of Insider Risks Global Report, independently conducted by Ponemon Institute. The average annual cost of an insider risk has increased to $16.2M – a 40% increase over four years. Meanwhile the average number of days to contain an insider incident has increased to 86 days.

In addition to analyzing the costs incurred when an organization experiences an insider security incident, this year’s study includes first-time insights on how organizations are funding insider risk programs.

The findings show that almost half (46%) of organizations are planning to increase their investment in insider risk programs in 2024. The study also found that 77% of organizations have started or are planning to start an insider risk program.

“We are encouraged that organizations plan to increase investments in insider risk programs because it’s required by customers and new industry regulations – not just because of previous incidents. This is a significant change that portends long-overdue attention and prioritization,” DTEX Systems CTO Rajan Koo said.

The momentum around insider risk management comes amid a backdrop of soaring costs, frequency, and time to contain insider-related security incidents.

According to research analyst Gartner, insider risk management refers to “the tools and capabilities to measure, detect and contain undesirable behavior of trusted accounts within the organization.”

Despite the growing cost of insider risks, 88% of organizations spent less than 10% of their total IT security budget on insider risk management. Organizations had an IT security budget of $2,437 per employee, yet only 8.2% (equivalent to $200 per employee) was allocated specifically to insider risk programs and policies.

The remaining 91.8% of IT security budget was spent on external threats, despite more than half of organizations attributing social engineering as a leading cause of all outside attacks.

Koo said the findings show that budgets are being wasted on reactive “symptom management” despite growing evidence that the root cause starts within.

“The findings demonstrate that the human, manifested as an insider risk, is the leading cause of all data breaches – including the socially engineered,” he said.

“This highlights a widespread misunderstanding of the types of insider risks and the failure to proactively protect customer data and IP.”

The 2023 Cost of Insider Risks Global Report is a comprehensive study to understand the financial consequences of insider risks caused by negligent or mistaken employees, outsmarted employees (including insider incidents related to credential theft), or malicious insiders. It is based on responses from 1,075 security or line of business practitioners in 309 organizations in North America, Europe, Middle East, Africa, and Asia-Pacific region.

Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute commented: “Our goal in conducting this research is to create awareness of the significant costs incurred when employees are negligent, outsmarted or malicious in the handling of an organization’s sensitive data. We believe this study is unique because it analyzes the costs based on the type of insider, the time it takes to contain the incident and the technologies that are most effective in reducing the costs. Such information is beneficial in creating a strategy to deal more effectively with the insider risk while reducing the costs.”

Key findings of the 2023 Cost of Insider Risks Global Report include:

  • The average annual cost of an insider risk has risen 40% over four years to $16.2M – up from $15.4M in 2022.
  • The average number of days to contain an insider incident in 2023 has increased to 86 days. The longer it takes to respond, the higher the cost ($18.33 million for incidents that take more than 91 days to contain).
  • Organizations are spending less than 10% of their IT security budget on insider risk management. Organizations had an average IT security budget of $2,437 per employee, yet only 8.2% (equivalent to $200 per employee) was allocated specifically to insider risk management programs and policies.
  • Most insider risk budget is spent after an insider incident has occurred. Only 10% of insider risk management budget (averaging $63,383 per incident) was spent on pre-incident activities: $33,596 on monitoring and surveillance, and $29,787 on ex-post analysis (this includes activities to minimize potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565,363 per incident) was spent on post-incident activity cost centers: $179,209 on containment, $125,221 on remediation, $117,504 on investigation, $113,635 on incident response, and $29,794 on escalation.
  • Insider risk program funding set to increase. Despite the fact that most organizations allocate an average of 8.2% of their IT security budgets to insider risk programs, 58% view current spending as inadequate and 46% expect funding to increase in the next year. Seventy-seven percent of organizations have started or are planning to start an insider risk program.
  • Non-malicious insiders cause most insider incidents. Seventy-five percent of respondents said the most likely cause of insider risk is non-malicious: a negligent or mistaken insider (55%), or an outsmarted insider who was exploited by an external attack or adversary (20%).
  • More than half of non-insider attacks are caused by social engineering. Fifty-three percent of organizations said social engineering (including phishing, pretexting and business email compromise) was a leading cause of non-insider or external attacks.
  • Financial services and service organizations have the highest average activity costs. The average activity cost for financial services is $20.68 million and services (including accountancy, consultancy and professional services firms) is $19.09 million.
  • Top-down support is the gold standard. Among organizations that have or plan to have a dedicated insider risk program, 52% report that top-down support and championing of the program (e.g. an insider risk steering committee) is a key feature. Fifty-one percent have a dedicated cross-functional team from legal, human resources, line of business and IT security.
  • AI/ML essential to insider risk management. One-third of organizations view artificial intelligence and machine learning as essential to prevention, investigation, escalation and containment and remediation of insider incidents, while 31% view it as very important.

Read the complete 2023 Cost of Insider Risks Global Report here.

Hear from Dr. Larry Ponemon and DTEX’s Rajan Koo about the key findings in our videocast with Christopher Burgess.

Methodology
The 2023 study surveyed organizations in North America, Europe, Middle East, Africa, and Asia-Pacific with a global headcount of 500 to more than 75,000 over a two-month period concluding in May 2023. In this year’s study, the Ponemon institute interviewed 1,075 IT and IT security practitioners in 309 organizations that experienced one or more material events caused by an insider. A total of 7,343 insider incidents are represented in this research.

About DTEX Systems
As the global leader for insider risk management, DTEX empowers organizations to prevent data loss and support a trusted workforce by stopping insider risks from becoming insider threats. Its InTERCEPT™ platform consolidates Data Loss Prevention, User Behavior Analytics and User Activity Monitoring in a single light-weight platform to detect and mitigate insider risks well before data loss occurs. Combining AI/ML with behavioral indicators, DTEX enables proactive insider risk management at scale without sacrificing employee privacy or network performance. To learn more about DTEX Systems, please visit www.dtexsystems.com.

Connect with DTEX: LinkedIn | Twitter | YouTube

Subscribe today to stay informed and get regular updates from DTEX Systems