

Updated · Jun 07, 2023
Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Fa... | See full bio
With so many articles - and not to mention movies - about hackers leaking people’s data, we’ve all become more or less paranoid about it.
Now imagine if you’re responsible for the data of like 100 employees and clients.
Scary, right?
Cybersecurity has become a thing of concern for both big and small businesses around the globe. There are billions of such records either stolen or corrupted due to data breaches.
Such an attack can cause much damage to any business. But people tend to overlook the "Insider Threat."
Insider threat statistics reveal that these dangers can come from employees, firm contractors, or other trusted associates that have easy access to your network.
Coming up are some insider threat stats to inform you of the dangers posed by such attacks:
Insider threat is unarguably one of the most underestimated areas of cybersecurity. However, recent development and insider threat reports have indicated a rapid increase in the number of insider attacks. These have forced cybersecurity experts to pay closer attention to the damaging nature of insider threats.
We have taken our time to gather some mind-boggling statistics on insider threats just for you!
They reveal why every business needs to invest heavily in cybersecurity to help keep insider attacks at bay.
(Source: Proofpoint)
So what do the 2022 insider threat statistics report?
Incidents have risen 44%, costing about $15.38 million per single one. Credential theft takes center stage—it has gone up by a whopping 65%. That’s from $2.79 million in 2020 to $4.6 million in 2022.
(Source: Observe IT)
Although insider threats can come from malicious employees and contractors, insider threat stats have revealed that the majority of them originate from negligence on the part of your employees and other close associates.
(Source: Observe IT)
There is no denying the ever-existing threat posed by external attackers. However, the solution might be simple.
A proper cybersecurity measure is always enough to keep them out of your business continually.
But.
When these threats occur as a result of the actions of certain privileged users, there is only so much that can be done. Most times, the said users reveal administrative data by mistake, and not intentionally. Hence, it is essential that they are adequately briefed on cybersecurity measures.
(Source: Security Round Table)
Insider threats have reportedly increased in the last two years. Now, the majority of organizations are beginning to watch out for them even more.
Because insider attacks can sometimes pass for external data breaches, it is not new to find that organizations will sometimes confuse them. Still, with the help of cybersecurity and insider threat awareness by IT professionals, more organizations are now able to differentiate and identify an insider threat.
(Source: Malware Bytes)
Businesses need to stay on their toes when it comes to cybersecurity. Unfortunately, insider threat statistics reveal that only 1 in 10 organizations believe their cybersecurity meets the needs of their business.
(Source: Security Round Table)
The data above goes to show how dangerous and damaging an insider attack can be to a business. Regardless of whether the threat is coming from a malicious or a negligent user, insider threats can be devastating. Especially given the amount of sensitive information at the disposal of the malicious insider.
The ease of access to this information is also something to worry about. The location of sensitive files may take a while for an external threat to find. An insider knows where to look for the info they need.
(Source: Sisa Infosec)
According to insider threat statistics, a good number of businesses are always affected by insider threats each year. This opens the doors for data thieves to carry out the exfiltration of critical information.
(Source: Haystax)
Attacks can come from malicious users, negligent employees, contractors, or from unintentional users. Even though negligent employees cause more insider threats, business owners say that they are more concerned about cybersecurity factors beyond their control.
(Source: Fortinet)
A survey by Fortinet revealed that fraud (55%), monetary gains (49%), and IP theft (44%) are the three most underlying reasons behind insider threats. The insider threat survey goes further to tell us that the finance department (41%), the customer access department (35%), and the research and development department (33%) are most vulnerable to cyber-attacks.
(Source: Insights)
External contractors are given the same top-level access to a network as those given to employees in an organization. Unfortunately, some contractors have been known to abuse such freedom in the past.
Sectors like finance and insurance (38%) have seen the highest insider attacks due to contractor errors or malicious activities. Others like healthcare (18%), information technology (22%), the federal government (31%), state and local government (16), and entertainment (30%), have also experienced contractor breaches in the past.
(Source: TechJury)
It takes another 77 days on average to recover from one. It is vital that businesses pay closer attention to cybersecurity.
(Source: PurpleSec)
The top five cybercrimes are: extortion, identity theft, personal data breach, non-payment, and phishing attacks.
Moreover, such attacks make up 1% of the Global GDP. They will cost $10.5 trillion yearly by 2025.
(Source: PurpleSec)
When we think of insider threats, we mostly think of a disgruntled employee on a malicious rampage. Well, there’s that, and then there are negligent or credential insiders.
Credential insiders are workers who knowingly or unknowingly share their login details. According to the latest insider threat stats, over half (67%) of data breaches are the result of stolen credentials. What’s more, credential leaks increased by a massive 129% year-over-year.
With the recent surge in insider data breach cases, more businesses are now experiencing attacks from insider threats.
(Source: IS Decisions)
A recent survey on cybersecurity insider threat statistics revealed that only one in five IT professionals consider insider threats to be a security concern. Only 39% of organizations have a team of cybersecurity experts with the right understanding of information security to evaluate cyber risk and implement preventative measures fully.
This explains why there is always a regular occurrence of internal security breaches amongst US businesses. There is the negligence of security protocols on the part of employees, employers, and IT personnel.
(Source: Finances Online)
What further do the 2022 insider threat statistics tell us?
A whopping 90% of data breaches occur due to human error! People continue to play an immense part in such incidents, whether it’s because of stolen credentials, phishing, misuse, or simple errors. Usually, end-users, system admins, or developers unintentionally cause them.
With the persistent increase of insider threats comes the task of improving cybersecurity to help tackle such threats. The cost of insider threat cybersecurity is skyrocketing. Just take a look:
(Source: ARN)
The latest business insider threat statistics reveal that 69% of organizations plan to channel more money to cyber risk management and information security. In addition, 26% are preparing to allocate 10% more to their budgets.
In 2022, the overall expenditure will be $17 billion more than in 2021.
That’s not all:
49% of businesses will direct more funds into cybersecurity because of compliance or best practices. 35% will do it due to security incidents, while 38% will act because of digital transformation risks.
(Source: 2022 Cost of Insider Threat Global Report)
It takes up to 85 days to stop an insider threat from causing more damage.
Moreover, according to the 2022 insider threats statistics, the average cost per incident containment during that period is $184,548. The ex-post analysis is the least expensive at $26,563.
Although monitoring and surveillance have one of the lowest expenditures, at around $35,000, they still show one of the highest net increases. The 2022 figure is up 114% from the 2016 one!
(Source: Observe IT)
Investigation and detection are two primary drivers for increased insider threat cybersecurity measures.
Insiders pose as much threat as external bodies. Organizations are beginning to dedicate a specific budget to the fight against insider threats from all angles.
(Source: Proofpoint)
Financial companies spending on insider threats averages about $21.25 million. That’s a 47% rise compared to the previous year. Retail costs on the same have skyrocketed by 62%, reaching around $16.56 million.
(Source: Observe IT)
A larger organization means a higher amount of data to deal with. Insider threat statistics reveal that larger organizations with a workforce of 75,000 and above spent an average of $17.92 million on insider threat cases in. Smaller organizations with a workforce of 500 or less spent $7.68 million on the same cause.
This section covers the various forms of insider attack and different ways on how they can successfully hack your network.
(Source: US Cybersecurity)
Phishing attacks remain one of the oldest and most effective ways for hackers to penetrate a network. Phishing emails are carefully designed to trick users into clicking on a corrupt file or filling out survey forms that contain confidential information. The info is later exploited for selfish gains. A good majority of insiders and contractors that fall for phishing emails are accidental.
(Source: CSO Online)
Malware, which is one of the most successful forms of cyber attacks, is still being transferred mostly through emails. It is also spread via other means such as websites and apps.
1) In 2013, Edward Snowden, a security operative and subcontractor for the CIA at the time, exposed some classified documents. This resulted in the implication of both the National Security Agency (NSA), and the Five Eyes (FVEY) (comprising the US, UK, Canada, New Zealand, and Australia). Snowden used his CIA authorization and easy access to classified information. His actions brought to light the mass surveillance of US, UK citizens, and citizens of other nations being carried out by both the NSA and FVEY. The case of Edward Snowden is a typical example of how dangerous and effective an insider threat can be. Despite the network of security at the disposal of a government body like the NSA, they were still unable to detect the malicious insider attack by Snowden until after the deed was done.
2) One woman was able to hack her employer, the Capital One Company, and many others using her skill set as a former Amazon Web Service employee. Insider threat facts reveal that this lady was able to obtain the social security number of 140,000 citizens, 1 million Canadian Insurance Numbers, personal information of 100 million customers, and 80,000 bank account numbers of customers.
3) A structural engineer and contractor to the US government were able to exfiltrate hundreds of boxes worth of documents about the military and spacecraft programs of the US government from 1979-2006. This also shows how much an insider threat can go under the radar unnoticed.
4) The Punjab National Bank attack happens to be one of the costliest insider attacks ever recorded in history. An employee was able to transfer funds worth £1.5 billion (about $1.84 billion) through letters of undertaking and foreign letters of credit using the Swift interbank communications system to authorize the transfer.
There are several types of insider threats and we'll cover them in more detail below.
These types of insider threats are employees who, despite a laid down cybersecurity protocol, would still ignore those protocols. They do whatever they feel like on the server, thereby placing the whole network at risk. These types of employees have no intent to harm the organization, but their actions are capable of causing a security breach.
The type of employees or close associates that intentionally cause harm to an organization by exposing sensitive business data to external threats or using them for personal gains.
This type of insider threat is workers that go about their daily duties, following organizational rules, and have no malicious intent at heart. However, unknown to them, they must have already been infected with malware or virus. Thereby placing the whole organization at risk of a cyber-attack. Most business owners are scared of this form of cyber attack.
Inside agents are employees in partnership with hackers who are trying to gain access to the server of their place of work. They play the role of either stealing or helping an external body infect their employer server with malware.
The reason insider attacks are harmful and yet challenging to identify is that these people already have access to your network. Also, they have access to files and folders.
Insider threats can either be intentional/deliberate or unintentional. Deliberate threats can come from insiders with grudges, in need of monetary gains, or just a desire to sabotage a company. Breaches can also occur unintentionally due to the careless nature of an employee while performing their daily office duties.
Although often overlooked, inside threats pose as much danger as external threats. If not a bigger one.
The frequency of insider threats is ever increasing. Thankfully, more businesses are now beginning to understand the imminent dangers posed. That said, more and more companies do a background check on their future hires to avoid any potential dangers.
What have you done to protect your business?
Deyan Georgiev
Deyan has been fascinated by technology his whole life. From the first Tetris game all the way to Falcon Heavy. Working for TechJury is like a dream come true, combining both his passions – writing and technology. In his free time (which is pretty scarce, thanks to his three kids), Deyan enjoys traveling and exploring new places. Always with a few chargers and a couple of gadgets in the backpack. He makes mean dizzying Island Paradise cocktails too.
Latest from Author
Your email address will not be published.
Updated · Jun 07, 2023
Updated · Jun 07, 2023
Updated · Jun 07, 2023
Updated · Jun 07, 2023