WP By the Numbers: The Cost of Insider Data Breach vs The Cost of Protection | Imperva

By the Numbers: The Cost of Insider Data Breach vs The Cost of Protection

By the Numbers: The Cost of Insider Data Breach vs The Cost of Protection

The global business data security landscape has become dramatically more challenging over the last few years. One of the main reasons for this is insider threats, as reported in the 2022 Cost of Insider Threats Global Report, independently conducted by The Ponemon Institute.

Several factors have contributed to growth in this threat vector. The move by businesses to shift critical workloads to the cloud, and a corresponding reliance on new technology, has increased the chance for misconfiguration. The pandemic remains a major factor. With the increase in work from home, employees often do not receive the same security protections the office environment traditionally affords. The pandemic also drove widespread redundancies and increased employee churn rates across all industries. This strained privileged access enforcement and change in access requirements have muddied the access waters.

The Ponemon study reports 67 percent of affected companies are experiencing 21 to more than 40 insider data breach incidents per year – a sharp increase from 53 percent since 2018. This data aligns with recent Forrester Research results that found 58 percent of sensitive data incidents are caused by insider threats – more information is available in this blog.

What is the cost of insider data breach vs. protection?

In this post, we will provide a summary of Ponemon’s findings and show the comparative cost of Imperva protection for you to have a starting point for your own investigation. In a future blog, we’ll suggest how and why enterprises should use this information to shape their insider (and outsider) threat mitigation plan.

The cost of an insider threat breach in money and time

An insider threat could be a negligent employee/contractor, malicious associate, or cybercriminal credential thief. Out of these three profiles, insider threats caused by careless or negligent employees or contractors are the most widespread.

According to Ponemon’s findings, 56 percent of reported incidents were due to negligence. This could be due to a number of factors, such as not ensuring device security, lack of awareness of the company security policy, or not remembering to patch and upgrade applications. The average annual cost to remediate a negligence incident was $6.6 million.

Malicious associates and credential thieves follow closely behind. 26 percent of incidents were related to criminal insider behavior (at an average cost of $4.1 million/incident), and 18 percent of incidents were related to user credential theft ($4.6 million/incident). Credential theft has almost doubled in frequency since the previous (2018) Ponemon study and cost the most to remediate.

The difference in the cost between insider threat types is due to the different activities following an incident – e.g. surveillance and monitoring, escalation, inquiry, incident response, containment, analysis, and better practices/future-proofing. For the purpose of this discussion, let’s take $5.6M as the weighted average of all remediation types ( $5.6M = (56*$6.6M + 26*$4.1M + 18*$4.6M)/100 ).

The financial costs of insider threat incidents are a wake-up call on their own, but add to this the time taken to contain an insider incident. The average time to resolution is 85 days – an increase of 8 days since the last study in 2020, and breach ramifications can be catastrophic. A recent Forrester Insider Threat Report further cites the negative impact on brand reputations as a major concern and hidden and unquantifiable negative financial by-product.

What is the cost of data security?

Costs vary based on the size, goals, and requirements of the organization. The Total Economic Impact (TEI) of the Imperva Data Protection Solution, a report developed by Forrester Research, provides averaged deployment costs for five Imperva customers.

This fits our needs perfectly. Using this information, we see that an average enterprise first year cost is $963,547 ($179,463 + $784,084) This was copied from the table on page 19 of the report.

Insider Breach Cost Image

The Forrester report is a recommended read for all organizations exploring data security. The report includes drivers for data security and customer views on value points such as increased long-term data retention, increased visibility, an improved employee experience, and more. This blog and this infographic provide additional details.

Comparing the cost of a breach vs. the cost of data security

Organizations exploring data security but lacking financial information to form a comparison can use these average costs as a starting point to their own investigation.

  • Cost of a breach: $5.6M (average).
  • Cost of Imperva data security: $960K (initial year, average).

First-year data security cost compared to an average breach is 17 percent ($0.960M/$5.6M). Does this fit every use case? Of course not. At roughly one-fifth the cost, however, the averaged results show data security is highly viable, especially considering the additional value it provides.

What’s more, time to Imperva product value takes a fraction of the time of mitigation, roughly two weeks in most cases, compared to the incidents detailed in the Ponemon report, where only 2% of insider breaches were contained in less than 30 days and 34% of incidents took over 90 days.

According to the Forrester Insider Threat Report, commissioned by Imperva in 2021, a comprehensive data protection strategy promotes better business security culture and saves an organization from the cost of continued regular security events. More than half of the respondents (53 percent) experienced improved alignment across security, IT, legal, leadership, and other teams due to having a comprehensive data protection strategy.

The report further suggests that, as well as a reduction in internal data breaches and fewer business-impacting security events, companies can also expect a reduced negative impact on brand reputations (45 percent) with fewer incidents to impact consumer trust and maintain positive PR – a priceless factor, some might say.

Make data security part of your business

Insider threats affect over a third (34%) of businesses (globally) each year. The impact of business disruption due to reduced employee productivity (23 percent of the total cost of a breach) is the single biggest financial factor.

Data security can help to detect insider threats and proactively alert a security team, reducing the change of data exfiltration. While reduced risk may be the single most important initial value for deploying a data security platform, visibility and analytics that cover all data assets, on-premise and multi-cloud, provide year-long value to security teams, and in turn, the business.

For more advice on preventing insider data breaches, or if you’d like to talk to us about investing in Imperva data security, please contact our Imperva data security team.