The cyber threat landscape is constantly changing as attackers and defenders alike innovate with new technologies and processes. Organizations spend a collective approximate of $60 billion dollars per year to defend their assets and recruit talent to prevent and respond to attacks, as security spend rises another 10% in 2021. While much of an organization’s security focus and spend is dedicated to thwarting attacks that come from outside of the company itself, often overlooked are insider threats: those that come from within the organization. Insider threats, many of which turn out to be non-malicious or accidental, have the potential to cause devastating harm in the form of data theft, financial loss, theft of intellectual property, and reputational damage.
In a 2020 survey, the Ponemon Institute estimated organizations spend on average $644,852 to recover from an insider threat incident, regardless of incident source. This includes the cost of monitoring and investigating suspected insider events and the incident response, containment, eradication, and remediation of an insider incident.