The average cost of an insider cybersecurity attack has sharply risen by 40% across the past four years, a new research report has found.
On top of that, the typical annual cost of these types of cyber threats has risen to reach $16.2 million per attack in the past 12-month period.
The biggest costs happen after the attack has occurred, which means that businesses everywhere should prepare their potential responses now in order to lose the least.
The Number and Costs of Insider Attacks Are Rising
“Insider” attacks, according to the new report, can be either malicious (espionage, IP theft, sabotage, or fraud) or non-malicious (when an insider is negligent, mistaken, or outsmarted). The report, sponsored by insider cybersecurity firm DTEX Systems and out from the data privacy-focused Ponemon research institute, is titled 2023 Cost of Insider Risks Global Report.
It finds that insider threats are on the rise, and not just when it comes to the cost of each attack: The total number of insider incidents across 2023 rose to reach 7,343, up from just 6,803 the year before.
Most of the incidents — 75% — were traced back to non-malicious insiders, often due to mistaken insiders (55%).
The biggest costs: Containment and remediation, which on average account for $179,209 and $125,221 per incident, respectively. The longer a response takes, the greater the cost.
Why Cyber Budgets Aren’t Spent in the Right Places
Insider attacks are up. In other words, the call is coming from inside the house.
But businesses haven’t adjusted their budgets to account for this. 88% of them are still devoting 10% or less of their IT security budget to managing insider risk specifically… with 91.8% of budgets going towards external threats.
But social engineering, which targets insiders to phish or otherwise trick employees into leaking sensitive information about their own company, remains a huge concern. We lost a collective $6.9 billion to phishing attacks in 2021, and just last year the FBI declared phishing to be the most common form of cyber attack.
Staying Safe From Insider Threats
Change is coming, the report found. Nearly half of organizations, or 46%, are set to increase their investments in insider risk programs in 2024.
But what could that look like for you? Here are the top tips for avoiding a phishing attack.
- Use two-factor authentication
- Double-check the URL
- Don’t give out your login credentials
- Monitor your personal financial accounts
You can also consider a few extra security tools — we’ve ranked the top VPNs for businesses and the best password management tools to boot.