Insider threats take centre stage

Issue 7 2023 Information Security


John Mc Loughlin.

J2 Software, a DTEX Systems partner, has emphasised the inadequacy of current cybersecurity budgets in addressing the core cause of data breaches; insider risks. A recent survey revealed that 58% of organisations believe their budgets allocated to manage insider risks are insufficient to effectively mitigate the increasing costs and frequency of security incidents instigated by individuals within the organisation.

DTEX Systems, in collaboration with the Ponemon Institute, unveiled the 2023 Cost of Insider Risks Global Report. This independent study disclosed a 40% rise over four years in the average annual cost of insider risks, now totalling $16,2 million. Concurrently, the average duration to contain an insider incident has surged to 86 days.

J2 Software CEO, John Mc Loughlin, says that in addition to scrutinising the financial implications of insider security incidents, this year’s study sheds light on how organisations are funding their insider risk programmes. “The research highlights that nearly half (46%) of organisations are planning to bolster their investment in insider risk programs in 2024. Moreover, an overwhelming 77% of organisations have either initiated or are in the process of implementing an insider risk programme.”

As defined by research analyst Gartner, insider risk management encompasses “the tools and capabilities to measure, detect and contain undesirable behaviour of trusted accounts within the organisation.”

Mc Loughlin adds, “Despite the rising costs associated with insider risks, a substantial 88% of organisations allocate less than 10% of their total IT security budget towards managing these internal threats. Organisations boast an IT security budget averaging $2437 per employee, with a mere 8,2% ($200 per employee) designated specifically for insider risk programs and policies.”

Symptom management

DTEX Systems CTO, Rajan Koo emphasised that these findings underscore a diversion of budgets towards reactive ‘symptom management’ despite mounting evidence that the root cause lies within the human factor, represented by insider risks.

“The findings illuminate that insiders, manifesting as insider risks, are the primary cause of data breaches, including those stemming from social engineering. This highlights a pervasive misunderstanding of the various forms of insider risks and the failure to proactively safeguard customer data and intellectual property,” he added.

The 2023 Cost of Insider Risks Global Report offers a comprehensive analysis to comprehend the financial ramifications of insider risks, stemming from either negligent or inadvertent employees, outsmarted employees (including insider incidents linked to credential theft), or malicious insiders.

Dr Larry Ponemon, Chairman and Founder of the Ponemon Institute, commented, “Our goal in conducting this research is to create awareness of the significant costs incurred when employees are negligent, outsmarted or malicious in the handling of an organisation’s sensitive data.”

“We believe this study is unique because it analyses the costs based on the type of insider, the time it takes to contain the incident and the technologies that are most effective in reducing the costs. Such information is beneficial in creating a strategy to deal more effectively with the insider risk while reducing the costs.”

Key findings of the 2023 Cost of Insider Risks Global Report include:

• The average annual cost of an insider risk has risen 40% over four years to $16,2 million, up from $15,4 million in 2022.

• The average number of days to contain an insider incident in 2023 has increased to 86 days. The longer it takes to respond, the higher the cost ($18,33 million for incidents that take more than 91 days to contain).

• Organisations are spending less than 10% of their IT security budget on insider risk management. Organisations had an average IT security budget of $2437 per employee, yet only 8,2% (equivalent to $200 per employee) was allocated specifically to insider risk management programs and policies.

• Most insider risk budget is spent after an insider incident has occurred. Only 10% of insider risk management budget (averaging $63 383 per incident) was spent on pre-incident activities: $33 596 on monitoring and surveillance, and $29 787 on ex-post analysis (this includes activities to minimise potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565 363 per incident) was spent on post-incident activity cost centres: $179 209 on containment, $125 221 on remediation, $117 504 on investigation, $113 635 on incident response, and $29 794 on escalation.

• Insider risk programme funding is set to increase. Despite the fact that most organisations allocate an average of 8,2% of their IT security budgets to insider risk programs, 58% view current spending as inadequate and 46% expect funding to increase in the next year. Seventy-seven percent of organisations have started or are planning to start an insider risk programme.

• Non-malicious insiders cause most insider incidents. 75% percent of respondents said the most likely cause of insider risk is non-malicious; a negligent or mistaken insider (55%), or an outsmarted insider who was exploited by an external attack or adversary (20%).

• More than half of non-insider attacks are caused by social engineering. Fifty-three percent of organisations said social engineering (including phishing, pretexting and business email compromise) was a leading cause of non-insider or external attacks.

• Financial services and service organisations have the highest average activity costs. The average activity cost for financial services is $20,68 million, and services (including accountancy, consultancy and professional services firms) are $19,09 million.

• Top-down support is the gold standard. Among organisations that have, or plan to have, a dedicated insider risk programme, 52% report that top-down support and championing of the programme (e.g., an insider risk steering committee) is a key feature. Fifty-one percent have a dedicated cross-functional team from legal, human resources, line of business and IT security.

• AI/ML is essential to insider risk management. One-third of organisations view artificial intelligence and machine learning as essential to the prevention, investigation, escalation, containment and remediation of insider incidents, while 31% view it as very important.

For more information, contact J2 Software, +27 11 794 1096, [email protected], www.j2.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Get proactive with cybersecurity
Information Security
The ability to respond effectively to a cybersecurity breach is critical, but the missing piece of the puzzle is a thorough, proactive evaluation to ascertain weaknesses and identify any hidden threats.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How to securely manage your digital footprint
Information Security Training & Education
Managing your online presence is critical to safeguarding your privacy and security. It is imperative to take a proactive approach, including using robust cybersecurity best practices.

Read more...
The state of code security in 2024
Information Security
The 2024 State of Code Security survey reveals that organisations have continued to shore up application security defences over the last year, according to OpenText Premier Partner iOCO Application Management.

Read more...
What is the level of safety and integrity of the software supply chain?
Information Security IoT & Automation
Organisations are embracing AppSec practices and focusing on their software security posture. However, they highlight that insufficient funding and security resources, plus a disconnect between developers and security teams, remain major roadblocks.

Read more...
Cybercriminals target financial service providers to get at sensitive client data
Information Security
According to Ryan van de Coolwijk, Product Head for cyber at iTOO Special Risks, hackers target financial service providers because they hold sensitive client information that unauthorised individuals could use for fraudulent activities.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...