DTEX Systems announced the findings of the
2025 Cost of Insider Risks Global Report,
independently conducted by the Ponemon Institute. For the first time
since the inception of the report, the average time to contain an
insider incident has declined (81 days, down from 86 in 2023).
The decrease comes amid growing adoption of insider risk management
solutions. The findings show that organizations are spending 16.5% of
their annual IT security budget on insider risk management - up from
8.2% in 2023. Eighty-one percent of organizations now have or are
planning to have an insider risk management program. Notably, of those
with an insider risk management program, 65% say their program was the
only security strategy that enabled them to pre-empt a data breach by
detecting insider risk early. Meanwhile, 63% of respondents cited faster
breach response as a top outcome of early insider risk detection.
"With escalating foreign interference, global remote workforces, and a
rapidly shifting political landscape, the need for proactive insider
risk management has never been greater. Insider-driven security
incidents result in significant financial and reputational costs.
However, organizations investing in dedicated insider risk management
programs are achieving faster containment or preventing incidents
entirely - a decisive win in the fight against data loss," DTEX Systems
CEO Marshall Heilman said.
"The findings underscore the importance of insider risk management as
an essential component of security and highlight key opportunities for
governments, critical infrastructure, and commercial organizations to
protect sensitive data and maintain operational integrity in an
increasingly volatile threat landscape."
Now in its sixth edition, the 2025 Cost of Insider Risks Global
Report is a comprehensive study designed to understand the financial
consequences of insider risks caused by negligent or mistaken employees,
outsmarted employees (including insider incidents related to credential
theft), or malicious insiders. This year's report examines how
organizations are funding their insider risk management programs and
introduces new data evaluating their effectiveness.
"Our research findings highlight the growing need to drive awareness
of the increasing costs of insider risks, often occurring due to
employee negligence while handling sensitive data," Ponemon Institute
Chairman and Founder Larry Ponemon said.
"This study helps materialize risk by shining light on the increasing
cost behind an incident to help organizations reduce containment time
and ultimately, reduce cost."
Key findings of the 2025 Cost of Insider Risks Global Report include:
- Post-incident activity costs have climbed significantly,
contributing to a higher average annualized cost of insider risk: $17.4M,
up from $16.2M in 2023. The average costs of containment
($211,021) and incident response ($154,819) are the most expensive
activity cost centers (up from $179,209 and $113,635 in 2023,
respectively). Escalation is the least costly activity center at
$32,242.
- For the first time since the inception of the report, the time to contain an insider incident has declined. The average time to contain an insider incident has reduced to 81 days, down from 86 days in 2023.
- Insider risk management is affording companies a proactive approach to security through early insider risk detection.
65% said their insider risk management program was the only security
strategy that effectively enabled them to pre-empt a data breach by
detecting insider risk early.
- Companies with an insider risk management program are saving time, money, and reputational damage associated with a breach. When
asked the top three outcomes of having an insider risk management
program, 63% said saved time in responding to a breach, 61% said
protected brand reputation, and 59% said saved money lost in a breach.
- Organizations are increasingly adopting insider risk management. The
amount of IT security budget allocated to insider risk management has
more than doubled, rising from 8.2% in 2023 to 16.5%. Additionally, 81%
of companies now have or plan to have an insider risk management
program, up from 77% in 2023.
- Companies expect insider risk management budgets to increase. 45% say the current level of funding is inadequate. 46% expect a mild to significant increase in funding in 2025.
- About half of organizations (49%) agree that technology consolidation is essential or very important. The
top three driving factors, ranked by importance, are cost savings
(85%), reduced complexity (64%), and faster detection times (61%),
followed by scalability (48%), and actionable data (42%).
- More than half (51%) of organizations say AI and machine
learning are essential or very important in the detection and prevention
of insider risks. The top three driving factors, ranked by
importance, are reduced investigation times (70%), improved behavioral
insights (59%), and lowered skillset for insider risk analysts (58%).
- Health and pharma have the highest average activity costs. The average activity cost for health and pharma is $29.2M, followed by technology and software ($23M).
- The most prevalent insider security incident continues to be caused by negligent or careless employees. 55%
of incidents are due to employee negligence or mistakes, while 25% of
incidents are caused by malicious insiders, and 20% by outsmarted
insiders.
Sponsored by DTEX Systems, the 2025 Cost of Insider Risks Global
Report is based on responses from 8,306 IT and IT security practitioners
in 349 organizations across North America, Europe, Middle East, Africa,
and the Asia-Pacific region.