Insider risk management budgets have more than doubled in the past 12 months and look set to grow further still in 2025, according to a report
By Alex Scroxton, Security Editor
Published: 26 Feb 2025 13:15
Chief information security officers (CISOs) and other security buyers and leaders seem increasingly inclined to earmark more money to address threats arising from insider risk, according to a study, the 2025 Cost of insider risks global report, published this week by topic specialist DTEX Systems and analysts at the Ponemon Institute.
DTEX’s annual survey of almost 350 organisations around the world found that the average annual cost of insider threats reached $17.4m (£13.7m) last year, and in responding to these growing costs, average insider risk spend doubled from 8.2% of the total cyber budget in 2023 to 16.5% in 2024.
And there is evidence that these higher spending levels may be paying off, because for the first time since the report’s inception six years ago, the average time taken to contain an insider incident dropped, and now stands at 81 days – it was 86 in 2023.
DTEX said users were clearly increasingly aware that they needed to adopt insider risk management services, with 81% saying they now either had or were planning an insider risk management programme.
Of those that already had one, 65% said it was the only security strategy that had enabled them to pre-empt a data breach by providing early warning signals. Additionally, when breaches did occur, 61% said such strategies had been helpful in protecting their organisation’s reputation, and 59% said they had suffered lower financial losses from incidents.
“With escalating foreign interference, global remote workforces and a rapidly shifting political landscape, the need for proactive insider risk management has never been greater,” said DTEX CEO Marshall Heilman. “Insider-driven security incidents result in significant financial and reputational costs. However, organisations investing in dedicated insider risk management programs are achieving faster containment or preventing incidents entirely – a decisive win in the fight against data loss.
“The findings underscore the importance of insider risk management as an essential component of security, and highlight key opportunities for governments, critical infrastructure and commercial organisations to protect sensitive data and maintain operational integrity in an increasingly volatile threat landscape,” he said.
In terms of the cyber technology being deployed to address insider threat, DTEX and the Ponemon Institute found that data loss prevention tools, user and entity behaviour analytics services, and user activity monitoring policies were the most deployed services in use, at 56%, 51% and 49% of surveyed organisations, respectively. Users are also spending on endpoint detection and response, privileged access management, and security information and event management as safeguards against insider risk.
Buyers said they tended to select these technologies based on cost savings, reduced complexity and faster time to detection.
Additionally, the survey found that 54% of organisations are using artificial intelligence (AI) to some degree in an attempt to detect and prevent insider risks. Out of this group, 51% said they believed AI and machine learning were either absolutely essential or very important tools in this regard. They particularly valued AI’s potential to reduce investigation times, improve behavioural insights and lower the skillsets needed by their own analysts.
US government braced for insider threat spike
Although insider threat is a global issue, there are growing concerns in the US that the ongoing mass layoffs across the federal government orchestrated by unelected, far-right tech billionaire Elon Musk via his so-called Doge group are not only leaving the US’s government agencies understaffed and unprotected against external cyber security threats, but may also be increasing the potential for insider threat.
Citing a report compiled by Mimecast, CSO Magazine this week reported that under ordinary circumstances, up to 80% of departing workers remove intellectual property or other forms of data when they exit. Given the chaos, controversy and recriminations surrounding the Musk-led layoffs, this figure may rise.