The Security Risk Organizations Should Not Ignore: Careless, Negligent and Malicious Insiders
Insider security incidents caused by careless employees or contractors, malicious insiders or credential thieves are increasing and becoming significantly more costly. According to the global 2025 Cost of Insider Risks study, since 2022 the average annualized cost of employee negligence, criminal insiders and credential thieves has increased from $15.4 million to $17.4 million. The number of incidents discovered and analyzed increased from 3,269 in our 2018 study to 7,868 in this year’s research.
Understanding the risk is important to reducing the likelihood of such a security incident. More than 8,000 individuals in 349 organizations in North America, EMEA and Asia-Pacific shared their experiences of insider security incidents. A key finding is that organizations in North America are spending the most to deal with the different types of insider incidents, at $22.2 million, followed by EMEA at $20.3 million. What we learned is that there are signs that your organization can be at risk.
This cost study is unique in addressing the core systems and business process-related activities that drive a range of expenditures associated with a company’s response to insider negligence and criminal behaviors. In this research, we define an insider-related incident as one that results in the diminishment of a company’s core data, networks or enterprise systems. It also includes attacks perpetrated by external actors who steal the credentials of legitimate employees/users (i.e., imposter risk).
While the risk of malicious insiders and credential thieves should be assessed and responded to, the most prevalent insider security incident continues to be caused by careless or negligent employees. According to the findings, 55 percent of incidents experienced by organizations represented in this research were due to employee negligence, and the average annual cost to remediate these incidents was $8.8 million. Less frequent are incidents involving criminal or malicious insiders (25 percent of incidents) and credential theft (20 percent of incidents). The average cost per malicious or criminal incident is $3.7 million, and the average cost per credential theft incident is $4.8 million.
The following are signs your employees are putting your organization at risk.
- Employees are not trained to fully understand and apply laws, mandates, or regulatory requirements related to their work and that affect the organization’s security.
- Employees are unaware of the steps they should take to ensure that the devices they use—both company issued and BYOD—are secured at all times.
- Employees are sending highly confidential data to an unsecured location in the cloud, exposing the organization to risk.
- Employees break your organization’s security policies to simplify tasks.
- Employees do not keep devices and services patched and upgraded to the latest versions, exposing your organization to risk.
Understanding the risk created by all insiders is important to reducing the likelihood of such a security incident. We hope you will read the full report at https://ponemon.dtexsystems.com/, which has all the data on how insider risks have impacted organizations since 2018, what they cost and how to manage the insider threat.