Study finds the average cost of an insider-related incident over a 12-month period is $8.76 million

BOSTON, MA – ObserveIT, the leading insider threat management provider with more than 1,700 customers around the world, today released a study, commissioned with Ponemon Institute, that uncovered the direct and indirect costs associated with insider threats. The study of more than 700 IT and security practitioners around the world found that the risk posed by insider threats is growing year-over-year, costing organizations significant money and resources as these threats continue to be difficult to detect, identify and manage. The average cost of an insider-related incident over a 12-month period is $8.76 million, and it takes more than two months, on average, to contain an insider incident.

“This research reveals that ignoring the growing threat posed by insiders can be costly for businesses of all sizes and in all industries,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute. “The increasing cost of insider threats – whether caused by negligent or malicious actors – is extremely detrimental for organizations, potentially costing them millions of dollars annually.”

Key findings from the survey include:

  • Types of Insider Threats: All types of insider threats are increasing. Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent, and by 53 percent for criminal and malicious insiders. The average number of credential theft incidents has more than doubled over the past two years, increasing by 170 percent.
  • Negligent Insiders: The majority of respondents (64 percent) cited that the negligent insider is the root of most incidents, followed by criminal and malicious insiders (23 percent) and employee and contractor negligence (13 percent).
  • Costly Credential Risk: Credential risk (or imposter risk) is the costliest type of insider incident at an average of $648,846 per event. This type of incident is 2.5 times more costly than incidents involving employee or contractor negligence at $283,281 per incident. Criminal and malicious insider incidents cost an average of $607,745 per incident.
  • Organizational Risk by Size and Industry: The cost of incidents varies per organizational size and industry. Large organizations with a headcount of more than 75,000 spent an average of $20 million over the past year to resolve insider-related incidents while smaller organizations with a headcount below 500 spent an average of $1.8 million. Companies in financial services, energy and utilities and retail incurred average costs of $12.05 million, $10.23 million and $8.86 million, respectively.
  • Risk by Region: Organizations in North America experienced the highest total cost to contain insider-related incidents at $11.01 million. Asia-Pacific and European and Middle Eastern (EMEA) companies' annualized costs to contain insider-related incidents were $5.88 million and $7.04 million, respectively.
  • Time to Contain Threats: Insights from the research reinforce that insider threats continue to be difficult to detect, identify and manage, as it takes an average of more than two months to contain an insider incident. The results also found that only 16 percent of incidents were contained in fewer than 30 days.

“Insider threats continue to threaten organizations across the globe, ultimately resulting in loss of mission critical data, downtime and lost productivity, and even reputational damage,” said ObserveIT CEO Mike McKee. “Understanding the growing costs and time associated with preventing and managing insider threats, organizations need to invest in a holistic cybersecurity solution to assist with real-time detection, deterrence, education and prevention.”

To read the full study, 2018 Cost of Insider Threats: Global Organizations, visit here.

For more information and a demo of how ObserveIT helps organizations become more secure and eliminate insider threats, visit here.

About Ponemon Institute:
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About ObserveIT
ObserveIT is the leading Insider Threat Management solution with more than 1,700 customers across 87 countries. ObserveIT is the only solution that empowers security teams to detect insider threats, streamline the investigation process, and prevent data exfiltration. With 300+ out-of-the-box insider threat indicators of compromise, rich metadata and outstanding search capability and playback of any policy violation, ObserveIT provides comprehensive visibility into what people – contractors, privileged users and high-risk users – are doing, and reduces investigation time from days to minutes. For more information visit:


Hannah Curtis, 617-502-4350