Organisations in the Middle East spent more than the global average of $11.45m annually on overall insider threat remediation.
The region spent $11.65m annually and took 77 days to contain each incident.
According to cybersecurity and compliance company Proofpoint’s report, commissioned with The Ponemon Institute and co-sponsored by IBM, the frequency and costs associated with insider threats over the last two years increased dramatically across all three insider threat categories, including careless or negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft.
The targeted organisations in the survey were businesses with a global headcount of 1,000 or more employees and these organisations experienced a total of 4,716 insider incidents over the past 12 months.
“Organisations in the Middle East have experienced the highest number of insider-related incidents over the past 12 months, and are likely to experience credential theft”, said Emile Abou Saleh, Regional Director for Middle East and Africa at Proofpoint.
“It is, therefore, crucial for organisations in the Middle East to build a culture of cybersecurity among their employees by putting in place cybersecurity awareness training to understand how security policies affect their day-to-day work.”
The overall cost of insider threats globally is rising, with a 31% increase from $8.76 million in 2018 to $11.45 million in 2020.
Also, the number of incidents has increased by a staggering 47% in just two years, from 3,200 in 2018 (Ponemon) to 4,700 in 2020.
The data show that insider threats are still a lingering and often under-addressed cybersecurity threat within organisations, compared with external threats.
More than 60% of reported insider threat incidents were the result of a careless employee or contractor and 23% were caused by malicious insiders.
A total of 14% of all insider threat incidents involved cybercriminals stealing credentials.
- State-sponsored actors to launch more coordinated cyber attacks
- Prediction rather than prevention is way forward to stay one step ahead of hackers
- Healthcare is an attractive target for disruptive or destructive cyberattacks
- Cybersecurity needs to be part of an organisation’s culture to be effective
Retail and financial services take the hit
The report showed that it takes an average of 77 days to contain each insider threat incident while only 13% of incidents were contained in less than 30 days.
“Incidents that took more than 90 days to contain cost organisations $13.71m on an annualised basis, while incidents that lasted less than 30 days cost roughly half, at $7.12m,” report said.
Since 2018, the average number of incidents involving employee or contractor negligence has increased from 13.4 to 14.5 per organisation.
The average number of credential theft incidents has tripled over the past two years, from 1.0 to 2.9 per organisation. That said, 60% of organisations had more than 30 incidents per year.
The cost of incidents varied according to organisational size as large organisations (with a headcount of more than 75,000) spent an average of $17.92m over the past year to resolve insider-related incidents.
To deal with the consequences of an insider incident, smaller-sized organisations (those with a headcount below 500) spent an average of $7.68m.
The fastest-growing industries for insider threat were retail (38.2% increase in two years) and financial services (20.3% increase in two years).
“With an average cost of more than $600,000 per incident, insider threats must be a leading concern for companies worldwide,” said Mike McKee, executive vice-president and general manager of Insider Threat Management for Proofpoint.
“Organisational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. Given that users regularly work across a wide range of applications and systems, we recommend layered defences, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of attacks.”