Security breaches are far more likely to be caused by careless employees than black hats, new research claims

From NotPetya and WannaCry to high-profile hacks against major corporations, information security incidents have become manna for mainstream media outlets over recent months.

The widespread coverage of corporate data breaches and other critical infosec scandals should certainly not be discouraged. Increasing awareness of the issues might indeed be one of the most effective ways of effecting change in breach disclosure and accountability legislation.

Interestingly, however, while this week alone has been replete with reports of state-sponsored hacks and 18-year-old ‘cyber terrorists’, new research from the Ponemon Institute has confirmed that the weakest link in a company’s security chain is not the stereotypical hacker-in-a-hoodie. More often than not, these incidents are the result of careless employee actions.

Drawing together interviews from more than 700 security practitioners across 160 organizations around the world, the Ponemon Institute’s latest report, 2018 Cost of Insider Threats, found that the “negligent insider” is the root cause of most data incidents.

According to the report, careless employees or contractors were responsible for 2,081 (64%) of the 3,269 incidents reported, with the cost of each incident averaging at $283,000.

Unsurprisingly, security incidents caused by embedded hackers or other imposters who steal credentials are the most damaging, with the average cost of each incident amounting to $607,000.

Such incidents, however, are far less likely to occur, accounting for 36% of all incidents.

Overall, the Ponemon Institute said the average cost of a data incident against organizations with more than 1,000 employees totaled $8.76 million, with costs being driven by monitoring and surveillance, investigation, escalation, incident response, containment, ex-post analysis, and remediation.

“Insider threats continue to threaten organizations across the globe, ultimately resulting in loss of mission critical data, downtime and lost productivity, and even reputational damage,” said Mike McKee, CEO of ObserveIT, a US-based threat intelligence company which backed the Ponemon study.

“Understanding the growing costs and time associated with preventing and managing insider threats, organizations need to invest in a holistic cybersecurity solution to assist with real-time detection, deterrence, education, and prevention.”
