Insider threats take centre stage: Companies acknowledge inadequate budgets to address the root …

J2 Software, in collaboration with DTEX Systems, has highlighted the insufficiency of current cybersecurity budgets in addressing insider risks, the core cause of data breaches.
A survey revealed that 58% of organizations believe their allocated budgets for managing insider risks are insufficient to effectively mitigate the increasing costs and frequency of security incidents instigated by individuals within their organization.
The 2023 Cost of Insider Risks Global Report, produced by DTEX Systems in collaboration with the Ponemon Institute, disclosed a staggering 40% rise in the average annual cost of insider risks over four years, reaching $16.2 million.
The average duration to contain an insider incident has also risen to 86 days.
The report also found that 46% of organizations plan to increase their investment in insider risk programs in 2024, while 77% have already initiated or are in the process of implementing an insider risk program.
This indicates a shift in focus and prioritization towards addressing insider risks.
Despite the rising costs associated with insider risks, the report revealed that a substantial 88% of organizations allocate less than 10% of their total IT security budget to manage these internal threats.
Moreover, organizations have an average IT security budget of $2,437 per employee, with only 8.2% ($200 per employee) specifically designated for insider risk programs and policies.
The findings underscore a diversion of budgets towards reactive “symptom management” rather than addressing the root cause of insider risks.
The report emphasizes that insiders, including negligent, outsmarted, or malicious employees, are the primary cause of data breaches, including those resulting from social engineering.
The study’s key findings include the increase in the average annual cost of an insider risk to $16.2 million, the average containment duration of 86 days, and organizations spending less than 10% of their IT security budget on insider risk management.
Furthermore, most of the insider risk budget is spent after an incident has occurred, with only 10% allocated to pre-incident activities.
The report also highlights that non-malicious insiders, such as negligent or mistaken employees, and outsmarted insiders exploited by external attacks, are the most common causes of insider risk incidents.
Social engineering, including phishing and business email compromise, is cited as a leading cause of non-insider or external attacks.
Financial services and service organizations have the highest average activity costs, with financial services averaging $20.68 million and the services sector averaging $19.09 million in costs.
The report emphasizes the importance of top-down support and dedication to insider risk programs, as well as the value of artificial intelligence and machine learning in preventing and mitigating insider incidents.
Overall, the report aims to create awareness of the significant costs incurred by organizations when employees exhibit negligent, mistaken, or malicious behavior, and provides valuable insights for organizations to create more effective strategies to manage insider risk while reducing costs.
Link: https://www.fanews.co.za/article/views-letters-interviews-comments/18/all/1102/insider-threats-take-centre-stage-companies-acknowledge-inadequate-budgets-to-address-the-root-cause-of-breaches/38163

