A recent study disclosed that over the past four years, the average cost of an insider cybersecurity attack has increased dramatically by 40%.
In addition, the average annual cost of these cyberthreats has increased over the past 12 months, reaching $16.2 million per incident.
The highest costs arise after the attack has taken place, so businesses globally should prepare their responses now in order to incur the least amount of financial loss.
The new research states that "insider" attacks can be either malicious (espionage, IP threat, sabotage, or fraud) or non-malicious (when an insider is careless, mistaken, or outsmarted). The study titled '2023 Cost of Insider Risks Global' was released by the data privacy-focused Ponemon research centre and funded by insider cybersecurity company DTEX Systems.
It reveals that insider risks are increasing, and not simply in terms of how much each attack costs. In 2023, there were a total of 7,343 insider incidents, up from just 6,803 the year before.
The majority of the incidents (75%), frequently attributable to mistaken insiders (55%), were traced back to non-malicious insiders.
The two expenses with the highest average costs per incident are containment and cleanup, which total $179,209 and $125,221, respectively. A response's price increases with duration.
Why aren't cyber budgets spent wisely?
Insider threats are increasing. Or, to put it another way, the call is coming from inside the house.
Businesses, meanwhile, have not made the necessary adjustments to their budgets. 88% of them still allocate only 10% or less of their IT security budget specifically to controlling insider risk, while external threats get 91.8% of budgetary resources.
However, social engineering, which uses insiders as a target to phish or otherwise trick personnel into disclosing private information regarding their own firm, is still a major threat. Phishing assaults cost businesses nearly $6.9 billion in 2021, and the FBI recently identified phishing as the most frequent type of cyberattack.
“This highlights a widespread misunderstanding of the types of insider risks and the failure to proactively protect customer data and IP [intellectual property],” Rajan Koo, chief technology officer of DTEX Systems, stated in a press release.