Organizations waste an average $1.37 million annually in time responding to erroneous malware alerts.
Organizations waste an average $1.37 million annually in time responding to erroneous malware alerts.

A lack of proper endpoint security could be costing enterprises an average of $6 million a year, according to a recent survey.

Researchers said IT departments waste money on endpoint detection methods that break requiring continuous manual human intervention or that fire off a high number of false results that are caused in part by a lack of situational awareness, according to a recent Ponemon study sponsored by Absolute.

The study surveyed 556 IT and IT security practitioners and found 63 percent of enterprises can't monitor at-risk dark endpoints and as a result are leaving 50 percent of endpoints vulnerable to breaches. Also, 55 percent of respondents reported having their endpoint management and security applications removed or corrupted.

Furthermore organizations waste an average $1.37 million annually in time responding to erroneous malware alerts and could save nearly $2.1 million annually with automated endpoint security solutions.

The study found these firms waste an average of 425 hours is wasted each week chasing false negatives and/or false positives.

Out-of-date, unpatched or corrupted endpoint agents are the most common endpoint security gaps and 53 percent of respondents reported malware infected endpoints increased in the last 12 months.

 “The majority of employees are mobile today and they are taking proprietary data with them,” Absolute Senior Vice President of Marketing Pam O'Neal, told SC Media. “This presents an enterprise security concern because our own audit data shows more than 62 percent of these endpoints contain sensitive/proprietary data like SS, credit card or personal health data.”

O'Neal went on to say it's impossible to understand and improve your security posture without clear visibility into and automated remediation of your endpoints and endpoint controls.

She added while automation is not the only fix, it is a primary factor in the success or failure of endpoint security plans because no organization has a security team large enough to maintain those agents manually.