A new study has found internal employees are the biggest security threat to a company, with IoT devices being the most vulnerable. 

Cybersecurity threats from the inside, whether it’s from contractors or employees, continue to be a growing worldwide concern, with vulnerable IoT devices at the greatest risk for data losses.

Those insider threats have increased in both frequency and cost over the past two years, according to the Ponemon Institute’s Proofpoint’s 2022 Cost of Insider Threats Global Report.

The 2022 report includes survey responses from more than 1,000 IT professionals worldwide who experienced a recent cybersecurity incident due to an insider threat. 

Of those surveyed, 63% said they are worried about unmanaged IoT devices resulting in the loss of sensitive data, by the cloud (52% of respondents) and the network (51%).

The findings show threats rose 44% over the past two years, with costs per incident up more than a third to $15.38 million.

In large part, that increase in cost is a result of the increase in time leading organizations spend to contain insider incidents, from 77 days to 85 days. Incidents that took more than 90 days to contain cost organizations an average of $17.19 million on an annualized basis.

Negligence was determined to be the root cause of most insider incidents. A total of 3,807 attacks, or 56%, were caused by employee or contractor negligence, costing on average $484,931 per incident.

Malicious insiders caused only 26%, or 1,749 incidents, but at a higher cost per incident of $648,062. With more employees gaining greater access to work from outside the office, malicious insiders are harder to detect than external attackers or hackers, according to the report.

Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said the months of remote and hybrid working environments brought on by the pandemic attributed to these increased insider threats. 

“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” said  Kalember. “In addition, organizational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data and infrastructure.”

To minimize risk companies can make sure employees fully understand the laws and regulatory requirements related to their work and understand the steps to keep their devices secure at all times. 

Ponemon Institute founder and chairman Dr. Larry Poneman said insider threats continue to climb both in frequency and remediation costs. 

“That said, we are seeing the risk of malicious insider threats increase – with more users accessing business data from outside the confines of the office,” Poneman said. “This can blur the security team’s ability to identify and differentiate between well-meaning employees, and malicious insiders trying to siphon sensitive business data.”