What is Insider Threat Detection, and Do You Need it


In today's fast-moving digital environment, top organizations not only have to protect their infrastructure from devastating external cyberattacks—but they also need to diligently protect their network environments against insider attacks.

Cyber threats can emerge from inside organizations due to poor cyber hygiene and mismanagement of key credentials—accidents you can avoid—though they can also come about as a result of malicious actions undertaken by trusted employees, partners, contractors, and clients.

What are insider threats?

Any individual or organization with access to your network's architecture, cloud instances, user records, servers, security devices, IoT platforms, applications, and other endpoints is capable of launching a cyberattack—and the stakes are increasing all the time:

  • The vast majority (61.39%) of cybersecurity insider threat events are unintentional and caused by negligence on the part of trusted users who mistakenly provided access to a network environment by accidentally clicking on a malicious link or sharing account access credentials with an illegitimate user.

  • Ill-intentioned and disgruntled employees, partners, and clients are responsible for a relatively small number (13.86%) of cyber threat events, though they should not be discounted as unlikely.

  • Stolen credentials (24.75%) were captured from previous data leaks or purchased on the dark web account for a growing number of threat events. 

In 2021, insider threats are likely to result in more than 60% of global data breaches. On average, it takes 77 days to identify and contain these cyberattacks, and the cost of losses due to these incidents has risen from $8.76 million to $11.45 million over just the last 24 months. On average, in 2020, it cost organizations $645,000 to recover from insider threat events. 

Cybersecurity awareness training has become one of the primary methods for organizations to address insider threats, but unfortunately, most ongoing employee educational training falls short in several key areas. The problem is that infrequent and quickly rolled out cybersecurity training systems do not create the far-reaching organizational culture changes needed to truly counter insider threats. 

Over the last decade, more than 27% of the Fortune 500 companies have experienced data breaches. Many of these large and market-leading enterprises already provide cyber awareness training opp. Ongoing employee training is useful but needs to be paired with the best prevention and detection-based cybersecurity practices as well. 

What is insider threat detection?

Insider threat detection is a term used to refer to a series of interlocking processes that reduce your organization's cyber risk by limiting the opportunities employees (or others with access to your network) have to cause harm, either maliciously or accidentally. Some methods of reducing insider threat opportunities include:

  • Applying user access management control processes
  • Providing employees and external partners with regular security awareness briefings and training
  • Monitoring employee activity across networks for anomalous or unusual behavior
  • Applying multi-factor authentication protocols and encryption processes to limit access to sensitive documents and platforms
  • Designing enhanced cybersecurity governance policies for remote working processes and the handling of sensitive projects
  • Communicating to staff, vendors, and external partners that systems are regularly monitored

Danger comes from within: The costs of insider risks and ROI of mitigation.

Insider risks can result in both hard and “soft” costs to your organization, but as any company who has had a significant security issue can tell you, there’s nothing soft about business downtime, reputation damage, or court proceedings.

The cost of ransomware

Ransomware has emerged as one of the most pervasive forms of cybercrime, and every 11 seconds, another organization falls victim. A report from McAfee estimates that global losses from cybercrime will hit $6 trillion in 2021.  

The average ransomware fee costs organizations hundreds of thousands of dollars, although even higher fees are also possible. It has been confirmed that a fee of $4.4 million was paid out following the Colonial Pipeline ransomware attack. 

Many recent ransomware attacks, such as the one levied against corporate legal services provider Campbell Conroy & O’Neil, P.C., do not simply lock access to data stored across digital networks, but seek to complete a form of double-extortion by again seeking payments to prevent captured information from being leaked online. This trend began in 2019 with the Maze ransomware gang, with groups such as Clop, DoppelPaymer, and REvil following suit. 

The cost of data breaches

For many organizations, the total costs of ransomware attacks rise dramatically when they are also involved in a subsequent data breach. 

In 2021, it cost organizations on average $4.24 million to resolve data breaches caused by ransomware attacks, and the average time to identify a breach was more than 280 days. It is important to note that while these fees will have been allocated towards repairing the technical fallout of a data breach, the true institutional costs of reputational damages and losses to future earning potential are extremely challenging to accurately calculate. 

Data breaches lead to devastating business outcomes. First, your organization will lose customers due to downtime. Downtime is extremely expensive for most businesses with some losing up to $5,600 for every minute they are offline. According to Gartner Research, on average a single hour of downtime costs $300,000 with businesses paying up to $550,000 for a single lost hour in the worst case scenarios. 

You may also face penalties from government fines, the cost of state and federal notifications that may be required if your customers have been affected by the breach or if you are in healthcare or financial services, and legal costs. 

Next, your organization will lose customers due to the negative reputation destroying effects of publicly confirming the breach. A Centrify research study found that 65% of customers significantly lost trust in an organization after being exposed to a data breach. Analysis conducted by IDC found that 80% of customers will not continue to do business with organizations involved with serious data breaches resulting in the release of sensitive personal information. Besides losing trust, many customers are motivated to share their negative experiences following a breach leading to additional negative business outcomes. 

Research conducted by an Interactions Marketing survey outlined that:

  • 85% of customers share negative experiences about being involved in data breaches against the companies they use
  • 33.5% of customers turn to social media to share negative impressions following a data breach 
  • 20% of customers make negative posts directly on company websites after being involved in negative events like data breaches  

The ultimate cost - Bankruptcy

Eventually, you might find all your hard-earned success destroyed as you face the potential dissolving your business all due to being victimized by cybercrime. Cyber attacks cost small and medium sized businesses on average $200,000 to address and many close within 6 months after suffering a serious ransomware attack leading to data breach. 

Many small, medium, and enterprise businesses have filed for bankruptcy as a result of cyberattacks. With 85% of organizations experiencing negative cybersecurity events in any given year, it is easy to see why preventing an attack is much more cost-effective then enduring one.

The cost of mitigation: Tools

As with any part of your business, there are many factors that go into determining your cybersecurity tool budget. Some factors that need to be considered are: 

  • Industry and size of your operation
  • Compliance requirements
  • Sensitivity of the data you collect, use, and share

Estimates of what companies are currently paying vary, ranging from 5.6% to 20% of your company's total IT expenditure. But remember you will need someone to manage those tools.

The cost of mitigation: Hiring professionals

Cybersecurity professionals are in high demand and very costly to hire. If you can, you should consider bringing at least one expert on staff as a security officer

Hiring just a single information security expert is likely to cost between $90,000 to $160,000. When you factor in the additional cost of providing that single professional with the tools they need to do their job the costs dramatically escalate and they are unlikely to be able to provide the same level of support that outsourced Managed eXtended Detection & Response (MXDR) experts can offer on an outsourced basis. 

ROI - Risks vs costs

When analyzed from a risk management perspective, the cost of appropriate cybersecurity defenses, when compared to the risks of ransomware, data breaches, or the ultimate costs of going out of business, provide an extraordinary high value. Think of Cybersecurity as a new kind of insurance, a need-to-have, not a nice-to-have expense of your business.

Access better protection

Understanding cyber dangers and how best to guard against them is critical in today's environment. To help you navigate the risks and know how to lead your teams, we created the ebook: What CEOs Need to Know Now About Cyber Risks and How to Protect Their Business

Download the ebook to learn more about:

  • What cyber security protection is available
  • Where blind sports lie in both known and unknown threats
  • How you can enhance your resilience organization-wide
  • And much more!

Download the free guide today!

New call-to-action

Related Articles


Rapidly Increasing Threats in the Education Sector – Why Cybersecurity Should be a Priority in 2022

Cybersecurity events in the education sector hit record highs in 2021 and are expected to continue...

Read more

Cyber Risks on the Rise for US K-12 School Districts

K-12 school districts across the US are becoming increasingly targeted by cybercriminals. They are...

Read more


100 Spectrum Center Drive, Suite 900, Irvine, California 92618 | Phone: (949) 266-6900