While malicious employees are the most publicized type of insider threat, negligent employees pose a greater security risk. They are responsible for roughly three times as many security incidents as malicious employees, and their overall financial damage is nearly twice as much on an annualized basis. This post offers solutions to help beleaguered CIOs reduce the risk posed by insiders.
When it comes to insider threats, who should you be more concerned about — negligent employees or malicious ones?
If you picked the former category, you can pat yourself on the back. (But just for a second.)
Not only are negligent employees responsible for vastly more security incidents than malicious workers, but the cost of their security failures is far more than the intentional damage caused by malicious insiders.
These insights are from one of the most up-to-date and comprehensive investigations of the impact of insider threats in the U.S.
Published in September 2016 by the Ponemon Institute, this report is based on interviews with nearly 300 IT and security practitioners at 54 U.S. organizations for the purpose of understanding the direct and indirect costs of insider threats.
The average cost of an insider threat is a massive $4.3 million per incident, according to the Ponemon Institute study.
Its definition of insider threats includes three categories of actors: careless or negligent employees or contractors, criminal or malicious insiders, and credential thieves. Credential thieves are “external actors who steal the credentials of legitimate employees/users,” which means they are not, in fact, insiders (i.e., employees or contractors).
This definitional anomaly makes the Ponemon Institute report less precise than it should be, but the third category of participants does not undermine the study’s results concerning negligent and malicious actors. If anything, it arguably provides a useful data point for statistical comparison with the two types of legitimate insider threats.
Here are three key takeaways about the costs and dangers posed by negligent and malicious insiders:
Nearly seven in 10 security incidents are caused by negligent employees. Inattentive employees caused 68 percent of the security incidents while criminal employees caused 22 percent. (Credential thieves instigated just 10 percent.)
The cost of security incidents perpetrated by malicious insiders is higher per instance. However, negligent employees cause more overall damage to your bottom line.
Criminal and malicious insiders cost $347,130 per incident while hapless employees cost $206,933 per incident. But because there are more incidents caused by careless employees, their total cost is higher. The average annualized cost for employee negligence is $2.3 million. For criminal or malicious employees, it’s $1.2 million. (For credential thieves, it’s $0.78 million.)
On average, an insider threat goes undetected for more than two months. For the majority of respondents (58 percent), it took an average of 65.4 days to detect an insider threat. Meanwhile, for nearly one-third of the respondents (28 percent), it took 90 days or longer.
What you can do
To counter the threats posed by insiders, security experts suggest CIOs take the following six actions:
1. Hire wisely
The first step toward preventing insider threats starts with your company’s hiring practices. You and your HR department need to thoroughly vet prospective employees to avoid hiring workers who turn out to be trouble. Conduct thorough background checks, including social media, for signs of trouble.
2. Improve your security awareness training
One of the keys to preventing insider threats is an educated and well-trained workforce. A recent Ponemon study of anti-phishing programs found that a typical program produced a 37-fold return on investment.
3. Control and restrict data access
Naturally, some corporate information is more valuable than the rest, but every enterprise needs to protect data such as its intellectual property, trade secrets, and customer data. For instance, enlist the help of enterprise mobility management solutions to secure and manage employees’ mobile devices and apps and to control their data access. Likewise, you can harden your negligent employees’ defenses by providing them with a cloud-based, as-a-service security solution, so their online activity is well protected even when they are most vulnerable, such as when working remotely.
4. Monitor employee behavior and data usage
Organizations can improve their defenses against insider threats by monitoring employee behavior and the flow of data in their networks. User behavior analytics programs can monitor an employee’s activity and data access, assess risk levels, and automatically terminate the employee’s access if their activity is deemed suspicious.
The Ponemon insider threat study found that user behavior analytics provides the highest incremental cost savings of the seven risk-reducing tools and activities it studied.
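To make the monitoring step concrete, here is an added example (not code from the original post or from any vendor's product) of the kind of scoring a user behavior analytics tool performs: it builds a per-user baseline from a constructed access log, then scores one day's events for off-hours access, first-ever access to a resource, and a daily download volume far above the user's own history. The weights, the 07:00–18:59 business-hours window, and the review/suspend thresholds are assumptions chosen for illustration.

```python
"""Illustrative user-behavior-analytics (UBA) scoring over constructed access logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed baseline activity. Fields: timestamp, user, resource, bytes transferred.
# A real deployment would baseline over weeks; three days per user keep this short.
BASELINE_LOG = [
    ("2024-03-04T09:02:00", "alice", "crm/accounts", 1_000_000),
    ("2024-03-04T09:40:00", "alice", "hr/handbook", 100_000),
    ("2024-03-05T09:10:00", "alice", "crm/accounts", 1_200_000),
    ("2024-03-05T14:05:00", "alice", "hr/handbook", 100_000),
    ("2024-03-06T08:55:00", "alice", "crm/accounts", 900_000),
    ("2024-03-06T16:20:00", "alice", "hr/handbook", 100_000),
    ("2024-03-04T10:00:00", "bob", "eng/repo", 5_000_000),
    ("2024-03-05T10:12:00", "bob", "eng/repo", 4_000_000),
    ("2024-03-06T10:30:00", "bob", "eng/repo", 6_000_000),
]

# Constructed events for the day being scored: alice pulls a large payroll export late at night.
NEW_DAY_LOG = [
    ("2024-03-07T09:15:00", "alice", "crm/accounts", 1_100_000),
    ("2024-03-07T23:40:00", "alice", "finance/payroll", 20_000_000),
    ("2024-03-07T10:05:00", "bob", "eng/repo", 5_000_000),
]

BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 is normal working time

# Illustrative weights and thresholds; tune these against your own false-positive rate.
W_OFF_HOURS, W_NEW_RESOURCE, W_VOLUME = 1, 2, 3
REVIEW_AT, SUSPEND_AT = 2, 5


def build_baseline(log):
    """Per user: the set of resources they normally touch and their daily byte totals."""
    resources = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for ts, user, resource, nbytes in log:
        resources[user].add(resource)
        daily[user][ts[:10]] += nbytes  # group by calendar date
    return {
        user: {"resources": resources[user], "daily_bytes": list(daily[user].values())}
        for user in resources
    }


def score_user(user, events, baseline):
    """Score one user's events for a single day against that user's baseline."""
    profile = baseline.get(user, {"resources": set(), "daily_bytes": []})
    score, reasons, total, flagged_new = 0, [], 0, set()
    for ts, _, resource, nbytes in events:
        total += nbytes
        if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
            score += W_OFF_HOURS
            reasons.append(f"off-hours access to {resource} at {ts[11:16]}")
        if resource not in profile["resources"] and resource not in flagged_new:
            flagged_new.add(resource)  # count each new resource once per day
            score += W_NEW_RESOURCE
            reasons.append(f"first-ever access to {resource}")
    history = profile["daily_bytes"]
    if len(history) >= 2:  # need some history before a volume judgment is meaningful
        limit = mean(history) + 3 * pstdev(history)
        if total > limit:
            score += W_VOLUME
            reasons.append(f"daily volume {total} exceeds baseline limit {int(limit)}")
    if score >= SUSPEND_AT:
        verdict = "suspend_access_and_review"
    elif score >= REVIEW_AT:
        verdict = "review"
    else:
        verdict = "ok"
    return {"user": user, "score": score, "verdict": verdict, "reasons": reasons}


def score_day(log, baseline):
    """Score every user that appears in one day's log."""
    by_user = defaultdict(list)
    for event in log:
        by_user[event[1]].append(event)
    return {user: score_user(user, evs, baseline) for user, evs in by_user.items()}


if __name__ == "__main__":
    for result in score_day(NEW_DAY_LOG, build_baseline(BASELINE_LOG)).values():
        print(result["user"], result["score"], result["verdict"], "; ".join(result["reasons"]))
```

Running it flags alice for automatic suspension and review (off-hours access, a never-before-seen resource, and a volume spike all on one day) while bob's ordinary repository activity scores zero. The volume rule deliberately compares each user only to their own history, which is what distinguishes behavior analytics from a fixed, organization-wide download cap.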
5. Focus on system admins
Security-savvy enterprises assess all of their employees according to their privilege levels and rank them according to their risk level. System administrators, however, pose the largest security threat as they often possess nearly unfettered data access. For this reason, they are chief targets of hackers or insiders who want their login credentials. For these and other reasons, system admins warrant additional security protection, such as the mandatory use of multifactor authentication and extra supervision.
6. Work closely with HR
One of your best allies in preventing or detecting malicious insider threats is the HR department. The deliberate sabotage of an enterprise’s IT systems or the destruction of business data often occurs after an offending employee has received a bad job review, been demoted, or been placed on probation. HR should notify you and other appropriate individuals when there is an increased risk that a troubled employee might decide to wreak havoc upon your organization.
Every CIO is concerned about external threats like cybercriminals, corporate spies and hostile nation-states. But these bad actors need to gain access to your network; negligent or malicious employees are already lurking inside your network.