Last Updated: July 7, 2020
With so many articles – and not to mention movies – about hackers leaking people’s data, we’ve all become more or less paranoid about it.
Now imagine if you’re responsible for the data of like 100 employees and clients.
Cybersecurity has become a thing of concern for both big and small businesses around the globe. In 2018 alone, 4.1 billion of such records were either stolen or corrupted due to data breaches.
Such an attack can cause much damage to any business. But people tend to overlook the “Insider Threat.”
Insider threat statistics reveal that these threats can come from employees, firm contractors, or other trusted associates that have easy access to your network.
Eye-Opening Insider Cyber Threat Statistics
Coming up are some insider threat stats to inform you of the dangers posed by such attacks:
- Businesses in the US encounter about 2,500 internal security breaches daily.
- More than 34% of businesses around the globe are affected by insider threats yearly.
- 66% of organizations consider malicious insider attacks or accidental breaches more likely than external attacks.
- Over the last two years, the number of insider incidents has increased by 47%.
- The cost of insider threats (related to credential theft) for organizations in 2020 is $2.79 million.
- Insider threat stats reveal that more than 70% of attacks are not reported externally.
- The percentage of insider incidents perpetrated by trusted business partners has typically ranged between 15% and 25%.
General Insider Threat Statistics for 2020
Insider threat is unarguably one of the most underestimated areas of cybersecurity. However, recent development and insider threat reports have indicated a rapid increase in the number of insider attacks. These have forced cybersecurity experts to pay closer attention to the damaging nature of insider threats.
We have taken our time to gather some mind-boggling statistics on insider threats just for you!
They reveal why every business needs to invest heavily in cybersecurity to help keep insider attacks at bay.
1. Insider threats have increased by 47% in the past two years.
(Source: Panda Security)
Either due to a malicious close associate, employee, or unintentional errors, the number of insider attacks experienced yearly has shifted upwards. It went from 3200 to 4700 per year between 2018 and 2020. This increased frequency of insider attacks has also led to about 60% of organizations experiencing more than 30 insider attacks yearly.
2. More than two out of three insider threat incidents are caused by negligence.
(Source: Observe IT)
Although insider threats can come from malicious employees and contractors, insider threat stats have revealed that the majority of them originate from negligence on the part of your employees and other close associates.
3. 55% of organizations identify privileged users as their greatest insider threat risk.
(Source: Observe IT)
There is no denying the ever-existing threat posed by external attackers. However, the solution might be simple.
A proper cybersecurity measure is always enough to keep them out of your business continually.
When these threats occur as a result of the actions of certain privileged users, there is only so much that can be done. Most times, these privileged users reveal administrative data by mistake, and not intentionally. Hence, it is essential that they are adequately briefed on cybersecurity measures.
4. Insider threat statistics reveal that 70% of organizations are reportedly seeing more frequent insider attacks.
(Source: Security Round Table)
Insider threats have reportedly increased in the last two years. Now, the majority of organizations are beginning to watch out for them even more.
Because insider attacks can sometimes pass for external data breaches, it is not new to find that organizations will sometimes confuse them. Still, with the help of cybersecurity and insider threat awareness by IT professionals, more organizations are now able to differentiate and identify an insider threat.
5. 68% of organizations claim that they feel extremely to moderately vulnerable to frequent attacks from hackers.
(Source: Malware Bytes)
Businesses need to stay on their toes when it comes to cybersecurity. Unfortunately, insider threat statistics reveal that only 1 in 10 organizations believe their cybersecurity meets the needs of their business.
6. Insider threat stats show that 85% of organizations say that they find it difficult to determine the actual damage of an insider attack.
(Source: Security Round Table)
The data above goes to show how dangerous and damaging an insider attack can be to a business. Regardless of whether the threat is coming from a malicious user or a negligent user, insider threats can be devastating. Especially given the amount of sensitive information at the disposal of the malicious insider.
The ease of access to this information is also something to worry about. The location of sensitive files may take a while for an external threat to find. An insider knows where to look for the info they need.
7. Every year, more than 34% of businesses worldwide are affected by insider threats.
(Source: Sisa Infosec)
According to insider threat statistics, a good number of businesses are always affected by insider threats each year. This opens the doors for data thieves to carry out the exfiltration of critical information.
8. 70% of organizations say that they are worried about unavoidable data breaches.
Attacks can come from malicious users, negligent employees, and contractors, or from unintentional users. Even though negligent employees cause more insider threats, business owners say that they are more concerned about cybersecurity factors beyond their control.
9. Fraud, monetary gains, and theft of intellectual properties are the major factors driving insider threats.
A survey by Fortinet revealed that fraud (55%), monetary gains (49%), and IP theft (44%) are the three most underlying reasons behind insider threats. The insider threat survey goes further to tell us that the finance department (41%), the customer access department (35%), and the research and development department (33%) are most vulnerable to cyber-attacks.
10. The percentage of insider incidents perpetrated by trusted business partners has typically ranged between 15% and 25% across all insider incident types and industry sectors.
External contractors are given the same top-level access to a network as those given to employees in an organization. Unfortunately, some contractors have been known to abuse such freedom in the past.
Sectors like finance and insurance (38%) have seen the highest insider attacks due to contractor errors or malicious activities. Others like healthcare (18%), information technology (22%), the federal government (31%), state and local government (16), and entertainment (30%), have also experienced contractor breaches in the past.
11. It will take a business an average time of 197 days to identify a data breach.
It takes another 77 days on the average to recover from one. It is vital that businesses pay closer attention to cybersecurity.
Insider Threat Data Breach Statistics
With the recent surge in insider data breach cases, more businesses are now experiencing attacks from insider threats.
12. Businesses in the US encounter about 2500 internal security breaches every day
(Source: IS Decisions)
A recent survey on cybersecurity insider threat statistics revealed that only 1 in 5 IT professionals consider insider threats to be a security concern. Only 39% of organizations have a team of cybersecurity experts with the right understanding of information security to evaluate cyber risk and implement preventative measures fully.
This explains why there is always a regular occurrence of internal security breaches amongst US businesses. There is negligence of security protocols on the part of employees, employers, and IT personnel.
13. Insiders are responsible for 30% of data breaches.
According to Verizon’s data breach investigation for 2019, as reported by Forbes, a substantial amount of data breaches that occurred during the year were caused by insiders, intentionally and unintentionally.
The Cost of Insider Threats for Businesses
With the persistent increase of insider threats comes the task of improving cybersecurity to help tackle such threats. The cost of insider threat cybersecurity is skyrocketing. Just take a look:
14. Global spending on cybersecurity is expected to be over $124 billion currently.
(Source: Tech Jury)
As of 2019, the global average cost per data breach incident (internal or external) was $3.92 million. Experts predicted that worldwide global spending on information security should exceed $124 billion before the end of last year.
15. Insider attacks that take a longer time to resolve cost $6.58 million more than those that take less time.
(Source: Panda Security)
With the frequency of insider attacks in recent times, an attack that stays longer in a system will cost more to resolve. According to insider threat statistics for 2020, incidents that take longer than 90 days to resolve cost an average of $13.7 million per annum. In contrast, those that take less than 30 days to resolve will cost an average of $7.12 million.
16. Overall, organizations are spending 60% more than they spent three years ago, dealing with all kinds of insider threats.
(Source: Observe IT)
Investigation and detection are two primary drivers for increased insider threat cybersecurity measures.
Insiders pose as much threat as external bodies. Organizations are beginning to dedicate a specific budget to the fight against insider threats from all angles.
17. The financial services industry has spent more trying to contain insider threats more than any other sector.
(Source: Globe News Wire)
The industry is also spending big trying to protect itself from possible attacks. As per insider threat stats for 2020, the past two years have seen the financial service industry spend an average of $14.3 million preventing insider attacks.
18. Larger organizations spend $10.24 million more on insider threat cases, compared to smaller organizations.
(Source: Observe IT)
A larger organization means a higher amount of data to deal with. Insider threat statistics for 2020 reveal that larger organizations with a workforce of 75,000 and above spent an average of $17.92 million on insider threat cases in 2019. Smaller organizations with a workforce of 500 or less spent $7.68 million on the same cause in 2019 too.
Insider Cyber Attacks
This section covers the various forms of insider attack and different ways on how they can successfully hack your network.
19. 67% of accidental insider threats still come from phishing attacks.
(Source: US Cybersecurity)
Phishing attacks remain one of the oldest and most effective ways for hackers to penetrate a network. Phishing emails are carefully designed to trick users into clicking on a corrupt file or filling out survey forms that contain confidential information. The info is later exploited for selfish gains. A good majority of insiders and contractors that fall for phishing emails are accidental.
20. 94% of malware is still distributed through emails.
(Source: CSO Online)
Malware, which is one of the most successful forms of cyber attacks, is still being transferred mostly through emails. It is also spread via other means such as websites and apps.
The Most Notable Internal Data Breaches in the World
1) In 2013, Edward Snowden, a security operative and subcontractor for the CIA as at the time, exposed some classified documents. This resulted in the implication of both the National Security Agency (NSA), and the Five Eyes (FVEY) (comprising the US, UK, Canada, New Zealand, and Australia). Snowden used his CIA authorization and easy access to classified information. His actions brought to light the mass surveillance of US, UK citizens, and citizens of other nations being carried out by both the NSA and FVEY. The case of Edward Snowden is a typical example of how dangerous and effective an insider threat can be. Despite the network of security at the disposal of a government body like NSA, they were still unable to detect the malicious insider attack by Snowden until after the deed was done.
2) One woman was able to hack her employer, the Capital One Company, and many others using her skill set as a former Amazon web service employee. Insider threat facts reveal that this lady was able to obtain the social security number of 140,000 citizens, 1 million Canadian Insurance Numbers, personal information of 100 million customers, and 80,000 bank account numbers of customers.
3) A structural engineer and contractor to the US government was able to exfiltrate hundreds of boxes worth of documents about the military and spacecraft programs of the US government from 1979-2006. This also shows how much an insider threat can go under the radar unnoticed.
4) The Punjab National Bank attack happens to be one of the costliest insider attacks ever recorded in history. An employee was able to transfer funds worth £1.5 billion (about $1.84 billion) through letters of undertaking and foreign letters of credit using the Swift interbank communications system to authorize the transfer.
Types of Insider Threats
This type of insider threats are employees who, despite a laid down cybersecurity protocol, would still ignore those protocols. They do whatever they feel like on the server, thereby placing the whole network at risk. These types of employees have no intent to harm the organization, but their actions are capable of causing a security breach.
The type of employees or close associates that intentionally cause harm to an organization by exposing sensitive business data to external threats or using them for personal gains.
Unintentional Insider Threats
This type of insider threat are workers that go about their daily duties, following organizational rules, and have no malicious intent at heart. However, unknown to them, they must have already been infected with malware or virus. Thereby placing the whole organization at risk of a cyber-attack. Most business owners are scared of this form of a cyber attack.
Inside agents are employees in partnership with hackers who are trying to gain access to the server of their place of work. They play the role of either stealing or helping an external body infect their employer server with malware.
What makes insider attacks so dangerous?
The reason insider attacks are harmful and yet challenging to identify is that these people already have access to your network. Also, they are authorized to access files and folders.
Insider threats can either be intentional/deliberate or unintentional. Deliberate threats can come from insiders with grudges, in need of monetary gains, or just a desire to sabotage a company. Breaches can also occur unintentionally due to the careless nature of an employee while performing their daily office duties.
Although often overlooked, inside threats pose as much danger as external threats. If not a bigger one.
The frequency of insider threats is ever increasing. Thankfully, more businesses are now beginning to understand the imminent dangers posed.
What have you done to protect your business?
Cybersecurity insiders is an online community of over 400,000 information security professionals across the globe. They aim to provide organizations with everything related to cybersecurity. Such resources span across news updates, software updates, and new technological entrants into the cybersecurity network.
Insider threats make up 60% of cyber attacks in today’s world. Given that that can be very difficult to detect, they are sometimes overlooked or considered as external threats.
Gregory Chung is a good insider threat example. Mr. Chung, who happens to be an engineer at Rockwell, and later Boeing used his security clearance to steal information on military and spacecraft programs from the government. For years, between 1976 to 2006, he traded these secrets with China in exchange for a specific fee until he was caught.
Another excellent example of an insider threat is the Facebook employee who used his access privileges to stalk women online until he was caught and subsequently sacked.
Insider threat statistics are clear – such threats could have far-reaching damage to your company. Especially if it is not detected early enough. That of Mr. Chung alone went on for about 19 years, and the resulting damage was overwhelming.
According to malicious insider threat statistics, the longer these attacks go unnoticed, the more damage they cause to a company. Like we discussed earlier, attacks that take more time to resolve cost more than those that require less time.