Insider threats cost businesses millions


18 September 2006

Insider threats are costing US businesses millions of dollars a year in lost revenues, new figures have revealed.




A survey from the Ponemon Institute and Arcsight has calculated the average cost of insider data breaches at a staggering $3.4 million (€2.69 million) per company per year.

More than 78% of respondents to the survey admitted to one or more unreported insider-related security breaches at their company.

Nine out of 10 IT managers surveyed blamed the breaches on a lack of resources, and 81% on poor management. In addition, 89% viewed insider threats as serious, yet only half believe that chief executives have the same perception.

When asked about the top concerns about data integrity, the IT managers identified three major threats: missed or failed security patches on critical applications; accidental or malicious insider misuse of sensitive or confidential data and virus, malware and spyware infections.

“The data breaches in the headlines are just the tip of the iceberg of the challenges IT security departments face in relation to insider threats,” said Brian T. Contos, chief security officer at Arcsight.

“In addition to the threat of losing control over confidential information, they are also worried about insider activity related to IT sabotage and fraud.

“Addressing insider threats requires a combination of incident prevention, detection and response, and companies have invested in various technologies to address this challenge.

“These solutions are important, but organisations need to have a comprehensive view across the technologies to fully leverage these investments and gain early insight into suspicious activity.”

Steve Sommer, senior vice president of marketing and business development at Arcsight, said, “Addressing insider threats has become a top priority for many of the commercial and government organisations we work with.

“But this study is evidence that more education is necessary beyond the IT security department on the potential threat, whether it’s losing control over confidential information or insider activity related to IT sabotage and fraud.

“While many IT security professionals use a combination of manual controls and technologies to address insider threats, they require a combination of incident prevention, detection and response.”

Part of the reason for high number of reported breaches could be the survey’s wide interpretation of what constitutes an insider threat.

The study defines it as “the misuse or destruction of sensitive or confidential information, as well as IT infrastructure that houses this data, by employees, contractors and others with access to sensitive or confidential information”.

The National Survey on Managing the Insider Threats was drawn from the responses of more than 450 US-based IT security professionals.

Read More:

Comments are closed.

Back to Top ↑