A recently published study from the Ponemon Institute has highlighted the high cost of insider data breaches. According to the study, insider data breaches now cost companies an average of $4.3 million a year to resolve.
The Dtex-sponsored study surveyed 280 IT and security professionals in the United States. All respondents worked for medium to large organizations. Respondents were asked about the insider data breaches that their organization had experienced over the previous 12 months. In total, 874 insider data breaches occurred. The majority of those breaches were the result of negligence by employees and contractors who had been given access to sensitive data.
568 breaches were the result of negligence, 191 were caused by malicious insiders, and 85 involved individuals outside the company gaining access to data using stolen login credentials. The study indicates that the latter are the most expensive to resolve, costing an average of $493,000 per incident. The cost of insider data breaches caused by employee or contractor negligence was around $207,000 per incident.
While the average annual cost of insider data breaches was $4.3 million, the survey showed that the larger the company, the more money was spent resolving data breaches. Companies employing more than 75,000 staff spent an average of $7 million per year resolving insider data breaches. An average of £2 million per year was spent by companies employing between 1,000 and 5,000 staff members.
The majority of insider data breaches were the result of human error. Greater care must be taken when dealing with sensitive data, and login credentials should never be divulged. Many of the breaches could have been prevented with more effective training.
According to Larry Ponemon, chairman and founder of the Ponemon Institute, “The training programs that companies have are just not very good.” In many cases, companies provide training to employees in order to comply with industry regulations. Ponemon says, “They are really focused on check-the-box compliance requirements to show everyone that your company is training on data protection.”
By investing more in training and ensuring training programs are effective, companies can save millions in breach resolution costs. Companies also need to increase their use of technology to identify anomalous behavior.
Insider breaches caused by the theft or improper use of login credentials can be rapidly identified with the right technology. Ponemon suggests, “Companies should look beyond their existing security toolset and consider using behavioral analytics technologies.”