Many organizations view security programs as a cost center and security technology investments as pure costs. But security investments can deliver real ROI— especially when it comes to technology-enabled insider threat management (ITM) programs. Research has shown that insider threat incidents are up 47% in the past two years alone. The average cost of these incidents has risen 37% to $11.45 million in the same time period. So how do organizations drive down these costs and empower teams with the right tools?
A recent economic analysis report from Enterprise Strategy Group (ESG) measured the cost savings and operational benefits organizations get when using Proofpoint’s ITM solution.
Overall, the report found that Proofpoint ITM:
- Reduces insider threat costs by nearly $400,000 per month for a 10,000-employee organization
- Pays for itself in just 5 months
- Delivers a 695% three-year return
Here are some of the other key takeaways.
Understanding the Costs of Managing Insider Threats
The overall cost of managing insider threats is a function of the frequency of insider incidents and the overall cost per incident. If a program and/or technology investment can be shown to reduce the number of overall incidents per year, there are obvious savings to be realized. The cost per incident can be broken into 2 basic categories:
Direct Costs: These are costs that result from direct activities of security teams to contain and resolve insider threats as well as the costs of downtime or lost revenue. Direct costs can be reduced by reducing the amount of time to resolve insider threat incidents. For example, incident response labor would be an example of a direct cost.
Indirect Costs: Indirect costs are broader operational and organizational expenses that are involved in managing insider threats, but not directly tied to a specific threat. For example, technology investments would be an indirect cost.
Any economic analysis of the impact of a security technology investment should relate to how the overall frequency if incidents, the direct cost per incident, and the amortized value of indirect costs per incident can be reduced.
Three Key Value Drivers of ITM
Given how security teams justified their investments, Proofpoint ITM got high marks from customers in the three following areas:
- Lower Operational Cost of Insider Threat Management: Customers felt that Proofpoint ITM’s user-centric focus made detecting and investigating insider threats much simpler. This helped resolve incidents faster and directly reduced the direct costs associated with managing insider threats.
- Lower Operational Cost of SecOps: Customers found it effective to use Proofpoint ITM as a front end to other tools such as SIEMs and cybersecurity alerts. The ability to distinguish true signals from the noise of alerts delivered greater value from existing investments. The ability to improve incident response workflow improved overall efficiency and lowered indirect costs associated with managing insider threats.
- Improved Security Effectiveness and Reduced Risk to the Organization: With faster identification and response to insider threats and cyber incidents, Proofpoint ITM can lower the overall number of incidents, reducing risk and strengthening cybersecurity.
Strengthening cybersecurity has consistently topped ESG research respondents’ list of business drivers for technology spending for several years. As organizations grow, the lack of tools isn’t the issue – instead it’s the lack of people to interpret, manage, and take action from these tools.
The ESG report shows that Proofpoint ITM is a security solution built with people in mind. As a result, teams are empowered to streamline the security process, get the intelligence they need, and become more operationally efficient.
Want to learn more about the ROI of insider threat management?