Chief information security officers (CISOs) and other security buyers and leaders seem increasingly inclined to earmark more money to address threats arising from insider risk, according to a study, the 2025 Cost of insider risks global report, published this week by topic specialist DTEX Systems and analysts at the Ponemon Institute.
DTEX’s annual survey of almost 350 organisations around the world found that the average annual cost of insider threats reached $17.4m (£13.7m) last year, and in responding to these growing costs, average insider risk spend doubled from 8.2% of the total cyber budget in 2023 to 16.5% in 2024.
And there is evidence that these higher spending levels may be paying off, because for the first time since the report’s inception six years ago, the average time taken to contain an insider incident dropped, and now stands at 81 days – it was 86 in 2023.
DTEX said users were clearly increasingly aware that they needed to adopt insider risk management services, with 81% saying they now either had or were planning an insider risk management programme.
Of those that already had one, 65% said it was the only security strategy that had enabled them to pre-empt a data breach by providing early warning signals. Additionally, when breaches did occur, 61% said such strategies had been helpful in protecting their organisation’s reputation, and 59% said they had suffered lower financial losses from incidents.
“With escalating foreign interference, global remote workforces and a rapidly shifting political landscape, the need for proactive insider risk management has never been greater,” said DTEX CEO Marshall Heilman. “Insider-driven security incidents result in significant financial and reputational costs. However, organisations investing in dedicated insider risk management programs are achieving faster containment or preventing incidents entirely – a decisive win in the fight against data loss.
“The findings underscore the importance of insider risk management as an essential component of security, and highlight key opportunities for governments, critical infrastructure and commercial organisations to protect sensitive data and maintain operational integrity in an increasingly volatile threat landscape,” he said.
In terms of the cyber technology being deployed to address insider threat, DTEX and the Ponemon Institute found that data loss prevention (DLP) tools, user and entity behaviour analytics (UEBA) services, and user activity monitoring policies were the most deployed solutions, in use at 56%, 51% and 49% of surveyed organisations respectively. Users are also spending on endpoint detection and response (EDR), privileged access management (PAM), and security information and event management as safeguards against insider risk.
Buyers said they tended to select these technologies based on cost savings, reduced complexity, and faster time to detection.
Additionally, the survey found that 54% of organisations are using artificial intelligence (AI) to some degree in an attempt to detect and prevent insider risks. Out of this group, 51% said they believed AI and machine learning were either absolutely essential or very important tools in this regard. They particularly valued AI’s potential to reduce investigation times, improve behavioural insights, and lower the skill levels needed by their own analysts.
US government braced for insider threat spike
Although insider threat is a global issue, there are growing concerns in the United States that the ongoing mass layoffs across the federal government orchestrated by the unelected, far-right tech billionaire Elon Musk via his so-called DOGE group are not only leaving America’s government agencies understaffed and unprotected against external cyber security threats, but may also be increasing the potential for insider threat.
Citing a report compiled by Mimecast, CSO Magazine this week reported that under ordinary circumstances up to 80% of departing workers remove intellectual property (IP) or other forms of data when they exit. Given the chaos, controversy, and recriminations surrounding the Musk-led layoffs, this figure may rise.