Insider threats costing businesses $11.45 million globally, according to new research
The SRM Blog

Written by Tim Deakin

25th February 2020

A recent study looking at companies across key regions concluded that the risk of insider threats has risen dramatically within organisations.

Cybercrimes, data breaches, viruses and malware – all have been on the rise in recent years, and the source of these issues is often internal.

This is the conclusion of a new study by The Ponemon Institute, which explored the growing number of cyber security incidents caused by insider threats.

The study found that instances of insider threats have increased by 47% since 2018. In response to this, organisations across all industries spend an average of $11.45 million a year to try and remediate such breaches.

In total, businesses are spending 60% more to fix insider threats when compared to the average annual spending just three years ago.


What constitutes an insider threat?

We tend to think of cybercrimes as the work of mysterious, external forces, but in fact such incidents are often initiated by individuals within an organisation. This misuse of authorised access – whether intentional or unwitting – can compromise an organisation’s critical information and systems.

The study conducted by The Ponemon Institute looked at companies located around the globe, including Europe, North America, the Middle East, and the Asia-Pacific region.

Researchers split insider threats into three distinct categories in order to gain a more detailed analysis. These categories were:

  • Unintentional threats caused by negligent staff or contractors
  • Threats caused by credential thieves who use insiders’ login information to gain unauthorized access to systems and applications
  • Threats instigated by malicious insiders and criminals aiming to damage a business’s reputation


What were the key findings?

In the event of an insider threat, it was found that the hardest hit were typically organisations in Financial Services, Energy & Utilities, and Retail. In particular, Financial Services organisations spent an average of $14.05 million to remediate insider breaches in each of the last two years – a rise of over 20%.

Other findings of interest included:

  • Large organisations with more than 75,000 team members incurred an annual cost of $17.92 million due to insider threats
  • Organisations with fewer than 500 members spent an average of $7.68 million on remedying insider threats
  • Mistakes deemed to be “careless” cost an average of $4.58 million each year
  • Incidents taking more than 90 days to contain incurred an average annual cost of $13.71 million
  • Breaches contained in less than 30 days cost an estimated $7.12 million per year


What does this mean for businesses in 2020?

Maintaining tight processes and procedures to reduce the likelihood of internal threats has never been more crucial. And the internationally recognised ISO27001 standard is a useful framework for organisations to work towards in order to build their defences against internal threats.

ISO27001 fundamentally helps a business to identify risks relating to confidentiality, integrity and the availability of information, as well as supporting the implementation of controls to reduce those risks to a manageable or acceptable level. Even for those businesses not looking to achieve ISO27001 accreditation, using this standard as a guide can be hugely beneficial in developing and managing information security controls.

Not sure your organisation is adequately prepared to face an insider threat? Get in touch with our team today by calling 03450 21 21 51 or drop us an email at
