When many people think of data breaches and cyberattacks, their first assumption is that a malicious internal party caused them. However, insider threat statistics show that it is also highly likely that someone inside the affected organization has caused the cybersecurity problems. Additionally, these parties do not always do so because they desire to harm the company. Sometimes, they make mistakes with disastrous consequences.
In any case, insider threats are growing concerns to cybersecurity professionals and company leaders who want to keep data safe.
2020 Insider Threat Statistics
- A 2020 study found 61% of respondents experienced at least one insider attack over the past year, and 49% said it usually took at least a week to detect the incident.
- Career advancement was the motive for 57% of individuals who carried out insider attacks before departing their organizations. This was the case even when supervisors were unaware of an employee’s intention to leave.
2021 Insider Threat Statistics
- According to a 2021 survey, 68% said insider threats had become more frequent over the past year. Additionally, only 2% of those polled believed they were not at all vulnerable to them.
- More than 75% of insider threats are non-malicious, although when they expose data, the ramifications can cost up to 20% of a company’s annual revenue.
2022 Insider Threat Statistics
- Individual negligence was the primary cause behind 56% of insider-driven incidents, such as if people did not follow cybersecurity policies or forgot to update their devices. Additionally, these issues cost an average of $484,931 each.
- A report indicated that 35% of unauthorized data access instances occurred due to insider threats in the third quarter of 2022.
2023 Insider Threat Statistics
- During a year in which 25% of responding organizations experienced more than six insider attacks, 75% of participants indicated they felt moderately to extremely vulnerable to these risks.
- Almost half (47%) of people who own small to medium-sized businesses in the United Kingdom believe the cost-of-living crisis puts them more at risk of insider attacks. For example, 20% of survey participants worried employees would steal proprietary data for financial or competitive gain.
2024 Insider Threat Statistics
- Statistics indicated less than 30% of respondents believed they possessed the right tools to handle insider threats. Moreover, only 21% had fully implemented and operationalized internal programs to deal with them.
- As chief information security officers assess the emerging threat landscape, 80% view negligent employees as key security risks over the next two years. Additionally, nearly three-quarters of respondents (74%) chose that issue as their most significant vulnerability.
Insider Threat Facts
Companies of all sizes and types can become part of insider threat statistics. Factors within and outside employees’ direct influence can make these issues more likely. Consider if a worker consistently gets asked to do too many things at once and eventually makes the mistake of sending sensitive information to the wrong person. Poor management was likely a strong contributor to that outcome.
Some situations fall into somewhat of a gray area. For example, some people use apps at work to increase their productivity, but IT departments don’t know about it. The users may not immediately recognize the potential security risks of that decision. At the same time, IT departments should ideally be more proactive.
One option is to explicitly require all workers to agree that they will not use any programs without the explicit permission of the IT team. Another approach is to have an IT department member set up each workplace device and have monitoring tools on it to verify which apps people use and prevent them from downloading any others.
Insider threats can also occur due to training gaps, such as if some people receive the details of a new cybersecurity policy while another team never does or gets the information late. Scheduling training strategically to give appropriate coverage across all departments is a smart preventive measure.
Insider Threat FAQs
People frequently discuss insider threats, but some may still need some clarification about the topic. Many common questions arise.
Who Are Insiders?
One misconception is that insiders are always a company’s employees. However, they can be anyone with access to the organization’s information. So, insiders could be visitors, interns, vendors, contractors and any others.
What Are the Main Types of Insider Threats?
Insider threats generally fall into two main categories: Unintentional and intentional. Those in the first group make accidental mistakes or show negligence that causes the cybersecurity issue. Then, intentional threats come from so-called malicious insiders. These parties take purposeful actions to harm organizations, either to benefit themselves or get revenge for perceived slights.
There is also an important subset to cover here. Collusive threats occur when insiders collaborate with outside parties, and all of them work together to harm the organization in question.
Does Remote Working Worsen Insider Threats?
Evidence suggests allowing employees to work remotely could raise organizations’ insider threat risks. That’s because it is harder for IT teams to oversee what distributed teams do, and some potential risks are virtually impossible to detect. For example, someone might take a screenshot during a Zoom meeting, capturing confidential information they intend to leak to competitors. However, establishing best practices, setting expectations and maintaining a security-centered culture can significantly reduce such issues.
Emerging Trends in Insider Threats
What should people be aware of regarding the changing insider threat landscape as they try to stay as safe as possible? One emerging trend is that inadequate offboarding techniques can put companies at risk. More specifically, employees may still be able to access company information after leaving their roles. However, using account control dashboards with automated features can reduce or eliminate the manual steps taken to revoke privileges when someone departs.
Cybersecurity researchers have also warned that more insider threats include privilege escalation. Their investigation centered on on-premises incidents and found that people more frequently use their privilege escalation exploits to increase what they can do once inside an organization’s infrastructure. However, keeping software updated and patched against vulnerabilities are two straightforward and effective measures to take. Many insiders seeking to benefit from privilege escalation capitalize on known system weaknesses.
Awareness Reduces Insider Threats
This overview will help you understand your organization’s insider threats, allowing you to take decisive steps to reduce them. Knowing about this issue goes a long way in encouraging people to establish appropriate safeguards while recognizing how they could unintentionally cause or contribute to an insider threat through mistakes or oversights.
Recent Stories
Follow Us On
Get the latest tech stories and news in seconds!
Sign up for our newsletter below to receive updates about technology trends