Study Explores the Effectiveness of Insider Risk Management Programs

In 2024, the healthcare industry was rocked by a ransomware attack on Change Healthcare that caused massive disruption to healthcare operations across the country and resulted in the theft of the protected health information of more than 190 million individuals. According to Kroll, healthcare was the most attacked industry, overtaking finance, accounting for 23% of all data breaches last year. While hacking was the most common breach cause in 2024, many cybersecurity incidents were due to malicious and negligent insiders, and these incidents can be costly to resolve.

A recent study by the Ponemon Institute on behalf of DTEX Systems sought to identify how prevalent insider breaches are, the financial impact of these incidents, and how organizations are addressing insider risk. The survey found that organizations are increasingly adopting insider risk management programs, with the percentage of companies that have such a program rising from 77% in 2023 to 81% in 2024. The share of the IT security budget devoted to insider risk management is also increasing, more than doubling from 8.2% in 2023 to 16.5% in 2024. While it is encouraging that companies are recognizing the importance of insider risk management, 45% of surveyed companies said the level of funding for their insider risk management programs is inadequate.

Insider incidents are increasing, with DTEX Systems reporting an overall rise from 7,343 incidents in 2023 to 7,868 incidents in 2024; however, there is growing evidence that insider risk management programs are having the desired effect. While the total number of incidents across all surveyed organizations increased year-over-year, fewer organizations are experiencing a high volume of incidents. In 2023, 71% of surveyed companies said they had experienced more than 21 incidents per year, compared with 57% of companies in 2024.

This is the 6th Cost of Insider Risks benchmarking study, and for the first time, the average time to contain an insider breach has gone down, falling from 86 days in 2023 to 81 days in 2024. The faster a breach is contained, the lower the cost: DTEX Systems says incidents contained within 31 days cost an average of $10.6 million, compared to $18.7 million for incidents that take more than 91 days to contain.

The most common motivations were financial gain (55%), convenience such as using AI or LLMs to support job tasks (55%), professional grievances (48%), and nationalism (37%). The main cause of insider incidents was mistaken or negligent insiders, which accounted for 4,321 incidents at an average of 13.5 incidents per organization. These incidents cost an average of $676,517, up from $505,113 in 2023. Malicious insider incidents are costlier, at an average of $715,366 per incident, up from $701,500 in 2023; in 2024, 1,995 such incidents were identified, at an average of 6.3 per organization. The most expensive category, however, was outsmarted insiders, meaning legitimate users whose credentials were stolen and abused by an external actor. These incidents cost an average of $779,797 per incident, up from $679,621 in 2023, with at least 1,552 such incidents identified in 2024. Together, the three categories account for the 7,868 incidents reported for the year.

The biggest costs were in the United States, where companies spent an average of $22.2 million dealing with insider incidents. By sector, the highest costs were in the healthcare and pharmaceutical industry, at $29.2 million, with technology and software ranking second at an average of $23 million.

The rising cost of post-incident activity has pushed average annualized insider breach costs up from $16.2 million in 2023 to $17.4 million in 2024. Containment and incident response were the largest cost components, at an average of $211,021 and $154,819 respectively, up from $179,209 and $113,635 the previous year. The costliest consequences of insider incidents are disruption or downtime, accounting for 24% of the cost, with a further 18% coming from direct and indirect labor costs.

The main perceived benefits of an insider risk management program are saving time when responding to a data breach (63% of respondents), protecting brand reputation (61%), reducing the cost of a data breach (59%), and avoiding regulatory fines (59%). When asked about the specific benefits achieved by their insider risk management program, 65% of respondents said it allows them to preempt a data breach by identifying insider risk early in the kill chain, 61% said AI has helped them to better understand human behavior, 59% said they have been able to apply a proportionate response to concerning employee behavior, and 56% said they have been able to distinguish concerning employee behavior from what the organization considers normal. Evaluations of insider risk management programs revealed a reduction in incidents (45%), shorter resolution times (43%), and shorter investigations (39%).

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve's editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
