22 Insider Threat Statistics to Look Out For in 2023

Deyan Georgiev

Updated · Apr 19, 2023




With so many articles - and not to mention movies - about hackers leaking people’s data, we’ve all become more or less paranoid about it.

Now imagine if you’re responsible for the data of like 100 employees and clients.

Scary, right?

Cybersecurity has become a concern for both big and small businesses around the globe. Billions of records have been either stolen or corrupted due to data breaches.

Such an attack can cause much damage to any business. But people tend to overlook the "Insider Threat."

Insider threat statistics reveal that these dangers can come from employees, firm contractors, or other trusted associates that have easy access to your network.

Eye-Opening Insider Cyber Threat Statistics

Coming up are some insider threat stats to inform you of the dangers posed by such attacks:

  • Businesses in the US encounter about 2,500 internal security breaches daily.
  • More than 34% of businesses around the globe are affected by insider threats yearly.
  • 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks.
  • Over the last two years, the number of insider incidents has increased by 44%.
  • The cost per insider threat in 2022 is $15.38 million.
  • Insider threat stats reveal that more than 70% of attacks are not reported externally.
  • The percentage of insider incidents perpetrated by trusted business partners has typically ranged between 15% and 25%.

General Insider Threat Statistics for 2023

Insider threat is unarguably one of the most underestimated areas of cybersecurity. However, recent developments and insider threat reports have indicated a rapid increase in the number of insider attacks. These have forced cybersecurity experts to pay closer attention to the damaging nature of insider threats.

We have taken our time to gather some mind-boggling statistics on insider threats just for you! 

They reveal why every business needs to invest heavily in cybersecurity to help keep insider attacks at bay.

1. Insider threats have increased by 44%.

(Source: Proofpoint)

So what do the 2022 insider threat statistics report?

Incidents have risen 44%, costing about $15.38 million each. Credential theft takes center stage: its cost has gone up by a whopping 65%, from $2.79 million in 2020 to $4.6 million in 2022.

2. More than two out of three insider threat incidents are caused by negligence.

(Source: ObserveIT)

Although insider threats can come from malicious employees and contractors, insider threat stats have revealed that the majority of them originate from negligence on the part of your employees and other close associates.

3. 55% of organizations identify privileged users as their greatest insider threat risk.

(Source: ObserveIT)

There is no denying the ever-existing threat posed by external attackers. However, the solution might be simple.

A proper cybersecurity measure is always enough to keep them out of your business continually. 


When these threats occur as a result of the actions of certain privileged users, there is only so much that can be done. Most times, the said users reveal administrative data by mistake, and not intentionally. Hence, it is essential that they are adequately briefed on cybersecurity measures. 

4. Insider threat statistics reveal that 70% of organizations see more frequent insider attacks.

(Source: Security Round Table)

Insider threats have reportedly increased in the last two years. Now, the majority of organizations are beginning to watch out for them even more.

Because insider attacks can sometimes pass for external data breaches, it is not unusual for organizations to confuse the two. Still, with the help of cybersecurity and insider threat awareness among IT professionals, more organizations are now able to differentiate and identify an insider threat.

5. 68% of organizations claim that they feel extremely to moderately vulnerable to frequent attacks from hackers.

(Source: Malwarebytes)

Businesses need to stay on their toes when it comes to cybersecurity. Unfortunately, insider threat statistics reveal that only 1 in 10 organizations believe their cybersecurity meets the needs of their business. 

6. Insider threat stats show that 85% of organizations say that they find it difficult to determine the actual damage of an insider attack.

(Source: Security Round Table)

The data above goes to show how dangerous and damaging an insider attack can be to a business. Regardless of whether the threat is coming from a malicious or a negligent user, insider threats can be devastating, especially given the amount of sensitive information at the disposal of the malicious insider.

The ease of access to this information is also something to worry about. An external attacker may take a while to locate sensitive files, but an insider knows where to look for the info they need.

7. Every year, more than 34% of businesses worldwide are affected by insider threats.

(Source: Sisa Infosec)

According to insider threat statistics, a good number of businesses are always affected by insider threats each year. This opens the doors for data thieves to carry out the exfiltration of critical information.

8. 70% of organizations say that they are worried about unavoidable data breaches.

(Source: Haystax)

Attacks can come from malicious users, negligent employees, contractors, or from unintentional users. Even though negligent employees cause more insider threats, business owners say that they are more concerned about cybersecurity factors beyond their control. 

9. Fraud, monetary gains, and theft of intellectual properties are the major factors driving insider threats.

(Source: Fortinet)

A survey by Fortinet revealed that fraud (55%), monetary gains (49%), and IP theft (44%) are the three main reasons behind insider threats. The insider threat survey goes further to tell us that the finance department (41%), the customer access department (35%), and the research and development department (33%) are most vulnerable to cyber-attacks.

10. The percentage of insider incidents perpetrated by trusted business partners typically ranges between 15% and 25% across all insider incident types and industry sectors.

(Source: Insights)

External contractors are given the same top-level access to a network as employees in an organization. Unfortunately, some contractors have been known to abuse such freedom in the past.

Sectors like finance and insurance (38%) have seen the highest insider attacks due to contractor errors or malicious activities. Others like healthcare (18%), information technology (22%), the federal government (31%), state and local government (16%), and entertainment (30%) have also experienced contractor breaches in the past.

11. It will take a business an average of 197 days to identify a data breach.

(Source: TechJury)

It takes another 77 days on average to recover from one. It is vital that businesses pay closer attention to cybersecurity.

12. Cybercrime has increased 600% due to the COVID-19 pandemic.

(Source: PurpleSec)

The top five cybercrimes are: extortion, identity theft, personal data breach, non-payment, and phishing attacks.

Moreover, such attacks make up 1% of the Global GDP. They will cost $10.5 trillion yearly by 2025.

13. Credential threats cost organizations $871,000 per incident.

(Source: PurpleSec)

When we think of insider threats, we mostly think of a disgruntled employee on a malicious rampage. Well, there’s that, and then there are negligent or credential insiders.

Credential insiders are workers who knowingly or unknowingly share their login details. According to the latest insider threat stats, over half (67%) of data breaches are the result of stolen credentials. What’s more, credential leaks increased by a massive 129% year-over-year.

Insider Threat Data Breach Statistics

With the recent surge in insider data breach cases, more businesses are now experiencing attacks from insider threats.

14. Businesses in the US encounter about 2,500 internal security breaches every day.

(Source: IS Decisions)

A recent survey on cybersecurity insider threat statistics revealed that only one in five IT professionals consider insider threats to be a security concern. Only 39% of organizations have a team of cybersecurity experts with the right understanding of information security to evaluate cyber risk and implement preventative measures fully. 

This explains why internal security breaches occur so regularly among US businesses: security protocols are neglected by employees, employers, and IT personnel.

15. 90% of cyber-attacks result from human error.

(Source: Finances Online)

What else do the 2022 insider threat statistics tell us?

A whopping 90% of data breaches occur due to human error! People continue to play an immense part in such incidents, whether it’s because of stolen credentials, phishing, misuse, or simple errors. Usually, end-users, system admins, or developers unintentionally cause them.

The Cost of Insider Threats for Businesses

With the persistent increase of insider threats comes the task of improving cybersecurity to help tackle such threats. The cost of insider threat cybersecurity is skyrocketing. Just take a look:

16. Risk management and information security spending will reach $172 billion in 2022.

(Source: ARN)

The latest business insider threat statistics reveal that 69% of organizations plan to channel more money to cyber risk management and information security. In addition, 26% are preparing to allocate 10% more to their budgets.

In 2022, the overall expenditure will be $17 billion more than in 2021.

That’s not all:

49% of businesses will direct more funds into cybersecurity because of compliance or best practices. 35% will do it due to security incidents, while 38% will act because of digital transformation risks.

17. Companies spend most on insider threat containment.

(Source: 2022 Cost of Insider Threat Global Report)

It takes up to 85 days to stop an insider threat from causing more damage. 

Moreover, according to the 2022 insider threats statistics, the average cost per incident containment during that period is $184,548. The ex-post analysis is the least expensive at $26,563.

Although monitoring and surveillance have one of the lowest expenditures, at around $35,000, they still show one of the highest net increases. The 2022 figure is up 114% from the 2016 one!

18. Overall, organizations are spending 60% more than they spent three years ago, dealing with all kinds of insider threats.

(Source: ObserveIT)

Investigation and detection are two primary drivers for increased insider threat cybersecurity measures. 

Insiders pose as much threat as external bodies. Organizations are beginning to dedicate a specific budget to the fight against insider threats from all angles.

19. Retail and financial services have the highest insider threat costs.

(Source: Proofpoint)

Financial companies' spending on insider threats averages about $21.25 million. That’s a 47% rise compared to the previous year. Retail costs on the same have skyrocketed by 62%, reaching around $16.56 million.

20. Larger organizations spend $10.24 million more on insider threat cases compared to smaller organizations.

(Source: ObserveIT)

A larger organization means a higher amount of data to deal with. Insider threat statistics reveal that larger organizations with a workforce of 75,000 and above spent an average of $17.92 million on insider threat cases in. Smaller organizations with a workforce of 500 or less spent $7.68 million on the same cause.

Insider Cyber Attacks

This section covers the various forms of insider attack and the different ways they can compromise your network.

21. 67% of accidental insider threats still come from phishing attacks.

(Source: US Cybersecurity)

Phishing attacks remain one of the oldest and most effective ways for hackers to penetrate a network. Phishing emails are carefully designed to trick users into clicking on a malicious file or filling out survey forms that ask for confidential information. The info is later exploited for selfish gains. A good majority of insiders and contractors who fall for phishing emails do so accidentally.

22. Emails are responsible for 94% of malware.

(Source: CSO Online)

Malware, which is one of the most successful forms of cyber attacks, is still being transferred mostly through emails. It is also spread via other means such as websites and apps.

The Most Notable Internal Data Breaches in the World

1) In 2013, Edward Snowden, a security operative and subcontractor for the CIA at the time, exposed some classified documents. This implicated both the National Security Agency (NSA) and the Five Eyes (FVEY), comprising the US, UK, Canada, New Zealand, and Australia. Snowden used his CIA authorization and easy access to classified information. His actions brought to light the mass surveillance of citizens of the US, the UK, and other nations being carried out by both the NSA and FVEY. The case of Edward Snowden is a typical example of how dangerous and effective an insider threat can be. Despite the network of security at the disposal of a government body like the NSA, it was still unable to detect the malicious insider attack by Snowden until after the deed was done.

2) One woman was able to hack her employer, the Capital One Company, and many others using her skill set as a former Amazon Web Services employee. Insider threat facts reveal that she was able to obtain the Social Security numbers of 140,000 citizens, 1 million Canadian Insurance Numbers, the personal information of 100 million customers, and 80,000 customer bank account numbers.

3) A structural engineer and contractor to the US government was able to exfiltrate hundreds of boxes' worth of documents about the military and spacecraft programs of the US government from 1979-2006. This also shows how easily an insider threat can go under the radar.

4) The Punjab National Bank attack happens to be one of the costliest insider attacks ever recorded in history. An employee was able to transfer funds worth £1.5 billion (about $1.84 billion) through letters of undertaking and foreign letters of credit, using the SWIFT interbank communications system to authorize the transfer.

Types of Insider Threats

There are several types of insider threats and we'll cover them in more detail below.

Negligent Workers

These insider threats are employees who ignore the cybersecurity protocols that have been laid down. They do whatever they feel like on the server, thereby placing the whole network at risk. These employees have no intent to harm the organization, but their actions are capable of causing a security breach.

Malicious Workers

These are employees or close associates who intentionally cause harm to an organization by exposing sensitive business data to external threats or using it for personal gain.

Unintentional Insider Threats

This type of insider threat comes from workers who go about their daily duties, follow organizational rules, and have no malicious intent at heart. However, unknown to them, their systems have already been infected with malware or a virus, thereby placing the whole organization at risk of a cyber-attack. Most business owners are scared of this form of cyber attack.

Inside Agents

Inside agents are employees in partnership with hackers who are trying to gain access to the server of their place of work. They play the role of either stealing data or helping an external body infect their employer's server with malware.

What Makes Insider Attacks so Dangerous?

The reason insider attacks are harmful and yet challenging to identify is that these people already have access to your network. Also, they have access to files and folders.

Insider threats can either be intentional/deliberate or unintentional. Deliberate threats can come from insiders with grudges, in need of monetary gains, or just a desire to sabotage a company. Breaches can also occur unintentionally due to the careless nature of an employee while performing their daily office duties.

Wrap Up

Although often overlooked, insider threats pose as much danger as external threats, if not more.

The frequency of insider threats is ever increasing. Thankfully, more businesses are now beginning to understand the imminent dangers posed. That said, more and more companies do a background check on their future hires to avoid any potential dangers. 

What have you done to protect your business?


Who are cybersecurity insiders?

Cybersecurity Insiders is an online community of over 400,000 information security professionals across the globe. They aim to provide organizations with everything related to cybersecurity. Such resources span news updates, software updates, and new technological entrants into the cybersecurity network.

What percentage of attacks were insider threats?

Insider threats make up 60% of cyber attacks in today's world. Given that they can be very difficult to detect, they are sometimes overlooked or considered as external threats.

What is an example of an insider threat?

Gregory Chung is a good insider threat example. Mr. Chung, an engineer at Rockwell and later Boeing, used his security clearance to steal information on military and spacecraft programs from the government. For years, from 1976 to 2006, he traded these secrets with China in exchange for a specific fee until he was caught. Another excellent example of an insider threat is the Facebook employee who used his access privileges to stalk women online until he was caught and subsequently sacked.

What impact could insider threats have on your company?

Insider threat statistics are clear - such threats could cause far-reaching damage to your company, especially if they are not detected early enough. That of Mr. Chung alone went on for about 19 years, and the resulting damage was overwhelming. According to malicious insider threat statistics, the longer these attacks go unnoticed, the more damage they cause to a company. Like we discussed earlier, attacks that take more time to resolve cost more than those that require less time.


Deyan Georgiev

Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Falcon Heavy. Working for TechJury is like a dream come true, combining both his passions – writing and technology. In his free time (which is pretty scarce, thanks to his three kids), Deyan enjoys traveling and exploring new places. Always with a few chargers and a couple of gadgets in the backpack. He makes mean dizzying Island Paradise cocktails too.
