Insider Threat Awareness – Costs of Insider Threat Incident and Recovery Time on the Rise

The cost of an insider threat compromising an organization is at the highest it’s ever been, according to a recent report from the cybersecurity firm DTEX Systems. The report also found organizations are spending more time to recover from an insider threat incident.

The report found the average annual cost of an insider threat has increased to $16.2 million, representing a 40% increase over four years. Meanwhile, the average number of days to contain and recover from an insider incident has risen to 86 days. Despite the growing cost of insider threats, 88% of organizations spent less than 10% of their total IT security budget on insider risk management. According to survey data, 75% of respondents said the most likely cause of insider risk is non-malicious: a negligent or mistaken insider (55%) or an outsmarted insider who was exploited by an external threat actor (20%), with social engineering being a leading cause of non-intentional insider threat incidents.

Water and wastewater utilities have experienced multiple insider threats incidents over the past few years, such as the incident in Kansas where a former employee pleaded guilty to unauthorized computer access with intent to harm. This summer, a former water utility employee was charged for reportedly accessing the network of the utility and then purposefully uninstalling the main operational and monitoring system for the water treatment plant and turning off the servers running those systems causing a threat to public health and safety. With September also being National Insider Threat Awareness Month, now is the time for organizations to assess their risk and implement an effective insider threat program. Read more at HelpNetSecurity.