Insiders Often Responsible for $388B Annual Cost of Cyber Security Breaches

Human error, whether inadvertent or malicious, is a key factor in many cyber security threats. Organizations can mitigate the threat by identifying potential weaknesses, controlling access, educating employees and utilizing stronger human resources processes, according to Spohn Security Solutions.

Timothy Crosby, Senior Security Consultant for Spohn Security Solutions, discusses the annual cost of cyber security breaches.

Nearly one-third (32%) of businesses have been victims of a major cyber-attack over the past year, according to a current survey jointly published by Harvey Nash/KPMG.1 Each year, the corporate world loses $388 billion dealing with, and recovering from, breaches in cybersecurity.2 The amount spent on remediating computer viruses alone has reached about $55 billion per year.3 While cyber criminals generate considerable attention and news, cybersecurity experts like Spohn Security Solutions indicate that much of the threat comes from within an organization.

The Harvey Nash/KPMG survey of 4,500 CIOs and technology leaders from around the world found that the insider threat is the fastest-growing security risk of all.1 55% of businesses surveyed reported a security breach due to a malicious or negligent employee, though 60% believe their employees are not knowledgeable or have no knowledge of the company’s security risks.4 Alarmingly, 50% of the individuals causing a breach were granted insider IT system access by their organization.5

OneLogin, a startup in California that helps enterprise companies secure cloud applications, recently failed to protect its own data against a breach, compromising 2,000-plus clients. The error, which was detected May 31, though inadvertent, is causing the company to focus its efforts on trying to restore customers’ trust. Clients include Pinterest, Airbnb, Yelp and Pandora.6

“Employees and contractors pose a great security risk to businesses as they have been provided with access to a company’s network infrastructure,” points out Timothy Crosby, Senior Security Consultant for Spohn Security Solutions. “While some employees may act maliciously against their organization, many cyber security breaches are due to negligence or inadvertent error.”

Businesses that fail to communicate potential risks and how to defend against them are likely to experience non-malicious threats to security due to human error. In fact, 95% of cyber security breaches are due to accidental human error.5 Such security breaches may include accidentally posting sensitive information on the company’s public-facing website, emailing restricted information to the wrong party or improperly disposing of confidential records.5

To safeguard a network, security experts believe it is imperative to identify potential vulnerabilities through an information security risk assessment. A business must be aware of the intricacies of its own network in order to guard against cyber breaches. Company leaders should know what data must be protected, where this data resides on the network and who has access to it. Once vital and sensitive data is identified, access should be restricted and backups created.4

Once weaknesses have been identified through an IT risk assessment, an organization should tightly control employee access to network infrastructure and restricted data.1 “Human resources and the IT department need to work together to coordinate access to sensitive systems and information,” adds Crosby. “Until an employee is familiar with security protocols and the proper way to handle sensitive data, they should not be granted full access.”

Crosby additionally recommends using a professional third-party security service to vet new technical employees and contractors before they are given clearance to work within a business’s infrastructure. In addition, it is important to promptly disable access to the system when an employee leaves the company.1

For nearly 20 years Spohn Security Consultants has developed assessment tools, conveyed risks to clients, recommended best practices to mitigate risks, and provided training as a means of staying ahead of the threat waves and helping clients.

About Spohn Consulting:
Spohn Consulting, Inc., an Austin, Texas-based privately held company established in 1998 by Darren L. Spohn, is an authority in navigating Fortune 500 companies and medium-to-small businesses through security business challenges of the 21st Century. Spohn Consulting works with organizations to assess the security status of their networks, information, and systems based on Identification and Authorization resources, e.g., people, hardware, software, policies, and capabilities in place to manage the defense of the enterprise and to react as the situation changes. Customized instructor-led training and telecom services round out the key divisions. Utilizing varied scopes of engagement, they deliver recommendations which can be measured against best practice or compliance standards. For more information on Spohn Consulting, Inc., their security status assessments and instructor-led training, visit

1.    Verbree, Martijn. "Cybersecurity: Why You Should Fear Insider Threats." Management Today. N.p., 23 May 2017. Web. 09 June 2017.

2.    Albanesius, Chloe. "Cyber Crime Costs $114B Per Year, Mobile Attacks on the Rise." PCMAG. N.p., 07 Sept. 2011. Web. 09 June 2017.

3.    WebpageFX Team. "What Is the Real Cost of Computer Viruses? [Infographic]." WebpageFX Blog. N.p., 12 Jan. 2015. Web. 09 June 2017.

4.    Summerfield, Richard. "Dealing with Cyber Breaches in the Supply Chain." Financier Worldwide. N.p., June 2017. Web. 09 June 2017.

5.    "IBM 2015 Cyber Security Intelligence Index." IBM, 24 July 2015. Web. 09 June 2017.

6.    "OneLogin Works to Restore Customers’ Trust After Data Break-in." San Francisco Chronicle, 12 June 2017. Web.


Contact Author

Karla Jo Helms
+1 (888) 202-4614 Ext: 802