Intelligent CISO Issue 47 | Page 38

security policy, or forgetting to patch and upgrade.
• Malicious or criminal insiders were behind one in four incidents (26%) at an average cost per incident of US$648,062. Malicious insiders are employees or authorised individuals who use their data access for harmful, unethical, or illegal activities. Malicious insiders are harder to detect than external attackers or hackers because employees are increasingly granted access to more information to enhance productivity in today’s work-from-anywhere workforce.
• Credential theft incidents have almost doubled since the last study. At an average of US$804,997 per incident, credential theft is the costliest to remediate. The intent of the credential thief is to steal users’ credentials that will grant them access to critical data and information. On average, a total of 1,247 incidents (or 18%) involved cybercriminals stealing credentials.
• The time to contain an insider incident increased from the last study. It takes an average of nearly three months (85 days) to contain an insider incident, up from 77 days in the previous study. Incidents that took more than 90 days to contain cost organisations US$17.19 million on an annualised basis, while incidents that lasted less than 30 days cost an average of US$11.23 million.
• Financial services and professional services have the highest average activity costs. The average activity cost for financial services is US$21.25 million and professional services is US$18.65 million. Service organisations represent a wide range of companies including accounting, consultancy and professional service firms.
• Organisational size affects the cost per incident. The cost of incidents varies according to organisational size. Large organisations with a headcount of more than 75,000 spent an average of US$22.68 million over the past year to resolve insider-related incidents. To deal with the consequences of an insider incident, smaller-sized organisations with a headcount below 500 spent an average of US$8.13 million.
• North American companies are spending more than the average cost on activities that deal with insider threats. The total average cost of activities to resolve insider threats over a 12-month period is US$15.4 million. Companies in North America experienced the highest total cost at US$17.53 million.