The causes and costs of insider threats were analyzed in a recent report by DTEX Systems. According to the report, the average annual cost of an insider risk has increased 40% over four years. Meanwhile, the average number of days to contain an insider incident has increased to 86 days.

Forty-six percent of organizations are planning to increase their investment in insider risk programs in 2024. The report found that 77% of organizations have started or are planning to start an insider risk program.

Despite the growing cost of insider risks, 88% of organizations spent less than 10% of their total IT security budget on insider risk management. The remaining 91.8% of IT security budget was spent on external threats, despite more than half of organizations attributing social engineering as a leading cause of all outside attacks.

According to the report, 10% of insider risk management budget (averaging $63,383 per incident) was spent on pre-incident activities: $33,596 on monitoring and surveillance and $29,787 on ex-post analysis (this includes activities to minimize potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565,363 per incident) was spent on post-incident activity cost centers: containment, remediation, investigation, incident response and escalation.

Despite the fact that most organizations allocate an average of 8.2% of their IT security budgets to insider risk programs, 58% view current spending as inadequate and 46% expect funding to increase in the next year. Seventy-seven percent of organizations have started or are planning to start an insider risk program.

Seventy-five percent of respondents said the most likely cause of insider risk is non-malicious: a negligent or mistaken insider (55%) or an outsmarted insider who was exploited by an external attack or adversary (20%). Fifty-three percent of organizations said social engineering (including phishing, pretexting and business email compromise) was a leading cause of non-insider or external attacks.

Among organizations that have or plan to have a dedicated insider risk program, 52% report that top-down support and championing of the program (e.g., an insider risk steering committee) is a key feature. Fifty-one percent have a dedicated cross-functional team from legal, human resources, line of business and IT security.

One-third of organizations view artificial intelligence and machine learning as essential to the prevention, investigation, escalation, containment and remediation of insider incidents, while 31% view it as very important.

Read the full report here.