POWERED BY
INTELLIGENT BRANDS // Enterprise Security
Insider threats cost organisations
in the Middle East US$11.65
million annually
/////////////////////////////
A new report from cybersecurity company Proofpoint reveals
more than 60% of insider threats are the result of negligent
employee or contractor behaviour.
Emile Abou Saleh, Regional Director, Middle
East and Africa at Proofpoint
Proofpoint, a leading cybersecurity and
compliance company, has released its
Cost of Insider Threats 2020 Global
Report to identify the costs and trends
associated with negligent, compromised
and malicious insiders. Notably, on average,
impacted organisations in the Middle East
spent US$11.65 million annually on overall
insider threat remediation and took 77 days
to contain each incident.
The report, commissioned with The
Ponemon Institute and co-sponsored by
IBM, surveyed nearly 1,000 IT and IT
security practitioners across North America,
Europe, Middle East, Africa and Asia-Pacific.
Each organisation included in the study
experienced one or more material events
caused by an insider.
Over the last two years, the frequency
and costs associated with insider threats
increased dramatically across all three
insider threat categories, including careless
or negligent employees/contractors, criminal
or malicious insiders and cybercriminal
credential theft.
“With an average cost of more than
US$600K per incident, insider threats
must be a leading concern for companies
worldwide,” said Mike McKee, Executive Vice
President and General Manager of Insider
Threat Management for Proofpoint.
“Organisational insiders, including employees,
contractors and third-party vendors, are an
attractive attack vector for cybercriminals due
to their far-reaching access to critical systems,
data and infrastructure.
“Given that users regularly work across a
wide range of applications and systems,
we recommend layered defences, including
a dedicated insider threat management
solution and strong security awareness
training, to provide the best protection
against these types of attacks.”
Emile Abou Saleh, Regional Director,
Middle East and Africa at Proofpoint,
said: “According to the report findings,
organisations in the Middle East have
experienced the highest number of insiderrelated
incidents over the past 12 months
and are likely to experience credential theft.
“It is, therefore, crucial for organisations
in the Middle East to build a culture of
cybersecurity among their employees by
putting in place cybersecurity awareness
training in order to understand how security
policies affect their day-to-day work.”
This year’s Cost of Insider Threats 2020
Global Report key findings include:
• Globally, organisations impacted by
insider threats spent an average of
US$11.45 million annually – that’s up
31% from US$8.76 million in 2018.
• More than 60% of reported insider
threat incidents were the result of
a careless employee or contractor
and 23% were caused by malicious
insiders. A total of 14% of all insider
threat incidents involved cybercriminals
stealing credentials.
• The number of incidents has also
increased by a staggering 47% in just
two years, from 3,200 in 2018 (Ponemon)
to 4,700 in 2020.
• The longer an insider threat incident
lingers, the costlier it gets. Incidents that
took more than 90 days to contain cost
organisations US$13.71 million on an
annual basis, while incidents that lasted
fewer than 30 days cost roughly half,
at US$7.12 million. It takes an average
of more than two months (77 days) to
contain an insider incident.
• The larger the organisation the more
insider incidents. Large organisations with
a headcount of more than 75,000 spent
an average of US$17.92 million over the
past year. To contrast, smaller
organisations with a headcount below
500 spent an average of US$7.68 million.
To download the Cost of Insider Threats
2020 Global Report, visit: https://www.
observeit.com/cost-of-insider-threats/. •
www.intelligentcio.com INTELLIGENTCIO 67