Cybersecurity News

Insider Breach Remediation Costs Health, Pharma $10.81M Annually

Overall, new research shows healthcare and pharma entities spend $10.81 annually on insider breach remediation. Across all sectors, organizations spend $11.4 to combat insider threats.

healthcare data breach insiders cost risk management

By Jessica Davis

- Health and pharma organizations that experience security incidents caused by careless or malicious insiders spend an average of $10.81 million each year to remediate the threat, according to a recent report from Proofpoint.

Overall, organizations across all sectors spend an average of $11.4 million each year to remediate the threat – up 31 percent from $8.76 million in 2018. And impacted organizations spent an average of 77 days to contain each insider event.

Just 13 percent of insider incidents were contained in less than 30 days.

The Cost of Insider Threats 2020 Global Report was commissioned with the Ponemon Institute and co-sponsored by IBM. Researchers surveyed about 1,000 IT and IT security leaders from across the globe, with each represented organization from the study experiencing at least one insider-related security event in the last year.

The report shows that over the last two years, the costs and frequency of insider events dramatically increased across three threat categories: negligent or careless employees or contractors; criminal or malicious insiders; and cybercriminal credential theft.

What’s more, the number of insider-related breaches have also increased by a whopping 47 percent in the last two years from 3,200 in 2018 to 4,716 in 2020. And 62 percent of these incidents were the result of a careless employee or contractor, with 25 percent stemming from malicious employees.

Fourteen percent of all insider incidents involved cybercriminals stealing credentials. Overall, 60 percent of organizations had more than 30 insider incidents in the last year.

Notably, negligent users cost organizations $4.58 million annually, while criminal incidents cost $4.08 million and credential theft cost $2.79 million each year.

“The cost of insider threat varies significantly based on the type of incident,” researchers wrote. “If it involves a negligent employee or contractor, each incident can average $307,111. However, given this type of incident is the most frequent (comprising 62 percent of incidents), the total costs can add up to an average of $4.58 million per year within each organization.”

The costs are driven by monitoring and surveillance, investigation, escalation, incident response, containment, ex-post analysis, and remediation. The researchers note that investigations are the fastest growing cost center, with the average cost across all incident types rising 38 percent in the last two years to $103,798.

The costs varied by organization size. Larger organizations spent an average of $17.92 million in the last year to resolve an insider-related event, with smaller organizations spending an average of $7.68 million.

To, Mike McKee, executive vice president and general manager of Proofpoint’s Insider Threat Management, the cost per incident should serve as a reminder to all organizations that insider threats should be a prime concern.

“Organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure,” McKee said in a statement.

“Given that users regularly work across a wide range of applications and systems, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of attacks,” he added.

Organizations most at risk are those that fail to fully train employees on understanding and applying laws, mandates, or regulatory requirements to their work that could impact enterprise security, as well as those with employees who don’t understand how to ensure the devices they use at work are secured at all times.

Further, insider risk stems from employees sending highly confidential data to an unsecured location in the cloud, which increase an organization’s risk exposure, and those breaking an organization’s security policies to simplify tasks.

Lastly, insider risk also stems from failing to keep devices and services patched and upgraded to the latest versions.

For healthcare, the report should serve as a reminder to bolster security defenses and policies, given insiders are behind the majority of data breaches. An August Egress report showed insiders were behind 60 percent of data breaches between January 1 and June 20, 2019.

The Office for Civil Rights also recently shared best practices for managing malicious insider threats, given the prevalence in the sector.

“With insider threats on the rise, an increase in the average cost per incident from $8.72 million in 2018 to $11.45 million in 2020, and an increase from 73 to 77 days to contain an incident, organizations need to build an effective insider threat management program,” researchers concluded. “Such a program would ensure that the organization can respond quickly if an incident happens and minimize the overall impact to the business.”

“Whether they are caused accidentally or maliciously, insider threat incidents cannot be mitigated with technology alone,” they added. “Organizations need an insider threat management program that combines people, processes, and technology to identify and prevent incidents within the organization.”