Insider Threat Statistics: (2024’s Most Shocking Trends)

Insider Threat Statistics

Crime gangs and state-sponsored hackers dominate the cyber security headlines. But what about the risks that exist much closer to home? 

As the latest insider threat statistics show, cyber security professionals should always be aware of threats coming from within their organizations. 

What internal risks do you need to guard against? Who are the malicious and non-malicious threat actors with the most potential to do damage? What countermeasures should be in place to mitigate risks? 

In this article, we take a look at these latest insider threat statistics to ensure nothing is overlooked.

Ready? Let’s start.

Insider Threat Statistics Trends 

Recent insider threat statistics suggest that incidents caused by insiders are on the rise, with finance and healthcare seeing the highest volumes of deliberate threat actions carried out by employees. Public administration, by contrast, is especially prone to non-malicious employee errors.

Volume of Insider Threat Incidents 

1. 76% of organizations have detected increased insider threat activity over the past five years, but less than 30% believe they’re equipped with the right tools to handle it. 

2. Between 2023 and 2024, there was a 28% increase in insider-driven data exposure, loss, leak, and theft events.

3. Between 2020 and 2022, Ponemon identified a 44% increase in the number of insider threat-related security incidents. 

4. In 2022, 67% of companies experienced between 21 and 40 insider threat incidents per year, which is up from 60% in 2020. 

5. In 2023, 71% of companies experienced between 21 and 40 insider security incidents per year, up from 67% in 2022.

6. Three-quarters of security leaders say insider attacks have become more frequent over the last 12 months. 

7. 73% of business security leaders expect data loss from insider events to increase in the next 12 months

The Insider Threat Across Industry Sectors 

8. Public Administration is the top industry sector for non-malicious insider threat actions (based on 16,312 incidents examined by Verizon in the 2023 DBIR).

Industry sector | Number of actions observed
Public Administration | 2,069
Healthcare | 141
Finance | 99
Information | 89
Education | 51

9. Healthcare is the top industry sector for malicious (privilege misuse) insider threat actions (based on 16,312 incidents examined by Verizon in the 2023 DBIR).

Industry sector | Number of actions observed
Healthcare | 65
Finance | 40
Information | 21
Professional | 17
Public Administration | 16

Job Roles/Functions Most Susceptible to Insider Threat Actions 

10. 81% of cyber security leaders identify senior managers as the greatest threat to data security, likely due to their handling of more sensitive data and being a target for spear phishing campaigns. 

11. Sales and customer service are the roles or functions perceived by information security managers as posing the greatest insider risks—cited by 48% and 47% of respondents, respectively. Functions perceived as posing the least risk are IT and legal third-party contractors—23% and 29%, respectively.

Drivers of Insider Threat Activity 

12. According to security professionals, insufficient employee training and awareness is the largest perceived driver of insider threat activity—37% agree.

Driver | % of security professionals citing
Insufficient employee training and awareness | 37%
Globalization and adoption of new technologies | 34%
Inadequate security measures | 29%
Complex IT environments | 27%
Disgruntled insiders | 25%

Types of Insider Threat 

Malicious insider threats relate to deliberate actions—often involving abuse of privilege—with the intent to cause harm, exploit information, or disrupt operations. Non-malicious insider threats refer to human error or carelessness. Here’s a closer look at the statistics for both broad threat categories.

Non-Malicious Insider Threats

13. 88% of all data breach incidents are caused by or significantly worsened by employees’ mistakes

14. The negligent insider is the root cause of most insider threat incidents. According to 2023 research by Ponemon, the majority of insider threat incidents (55%) are caused by careless or negligent employees.

Miscellaneous errors 

15. 50% of employees say they are “very” or “pretty certain” they have made an error at work that could have led to security issues for their company.

16. Older workers are less likely to admit to mistakes. 50% of employees aged between 18–30 say they’ve made mistakes that possibly impacted security, compared to 10% of workers over 51. 

17. Sending personal information to the wrong recipient via email is involved in an estimated 45% of data breaches involving human error. 

18. Unintended release or publication of personal information features in 16% of data breaches involving human error. 

19. Misdelivery—sending something to the wrong recipient—accounts for 43% of breach-related errors.

20. According to the Verizon DBIR, 2023, miscellaneous user errors—misdelivery, misconfiguration, and publishing errors—were responsible for 9% of all data breaches, down from 13% in 2022.

21. Around 43% of miscellaneous errors leading to data breaches are made by developers, 39% by system admins, and 18% by end-users

22. Personal data was compromised in 89% of data breaches involving miscellaneous errors. 

23. In finance and insurance, 44% of cyber security breaches in 2022 were attributable to internal threat actors. Of these breaches, 55% were attributed to mistakenly sending information to unintended recipients.

Susceptibility to phishing scams and credential theft 

24. 20% of insider threat incidents are caused by credential theft—i.e., where threat actors steal users’ credentials to gain access to data and assets.

25. One in four employees say they’ve clicked on a phishing email at work. 

26. Men seem more susceptible to accidentally clicking on malicious messages than women. 34% of male respondents say they’ve clicked on a malicious link in a phishing email, compared to 17% of women. 

27. Older employees may be less vulnerable to phishing scams. Just 8% of workers aged over 51 say they’ve clicked on a phishing link, compared to around a third of employees aged 31–40. 

28. Around 45% of employees cite “distraction” as the main reason for falling for a phishing scam.

29. The top reasons for clicking on phishing emails are the perceived legitimacy of the message (43%) and the fact that it appeared to come from a senior executive (41%) or a well-known brand (40%). 

Lax attitudes to password protection 

30. 43% of US adults have shared a password with someone. 

31. 44% of internet users rarely reset their passwords

32. 53% of IT professionals use email to share passwords with colleagues. 

33. The most common password is 123456

Malicious Insider Threats 

34. 25% of insider threat incidents are caused by criminal or malicious insiders—i.e., employees or authorized individuals who misuse access for harmful, unethical, or illegal activities.

35. In 2024, around 74% of cyber security professionals are most concerned with malicious insiders within their organization, representing an increase of nearly 25% compared to 2019. 

Malicious insider threat motivations 

36. The vast majority (89%) of malicious insider breach incidents are motivated by personal financial gain.

Motive | % of malicious insider breaches
Financial | 89%
Grudge | 13%
Espionage | 5%
Convenience | 3%
Fun | 3%
Ideology | 2%
Actor motives in instances of malicious insider breaches

Effects of malicious insider threat incidents 

37. Personal data is compromised in almost three-quarters (73%) of malicious insider breach cases.  

Data category | % of malicious insider incidents where compromised
Personal | 73%
Medical | 34%
Other | 18%
Bank | 12%
Payments | 12%
Data categories compromised in malicious insider instances

Impact of Insider Threats on Organizations

Insider threat statistics suggest that malicious threats tend to cost organizations more than those arising from error or carelessness. Companies in the financial sector tend to be faced with the most severe costs and consequences when hit with an insider threat incident.

Most Common Impacts of Insider Threat Incidents 

38. Data loss is the most common impact of insider threat incidents. In 2023, 45% of organizations said that they’d suffered loss of critical data as a result of insider threats (up from 40% in 2021).

The Cost of Insider Threats 

39. Cyber security managers estimate the average cost of an insider threat event at USD $15 million.

40. According to Ponemon, in 2023, the average cost incurred by an organization to resolve insider threats over a 12-month period was USD $16.2 million, up from $15.4 million in 2022.

41. Between 2019 and 2023, the average annual cost of insider security threats to organizations has increased by 40%

42. Containment is the most costly aspect of responding to an insider security incident. Companies spend an average of USD $179,209 in containing the consequences of an incident. 

Regional Variances 

43. North American companies spend the most on activities to deal with insider threats. North America experienced the highest total annual costs at USD $19.09 million. European companies had the next highest cost at USD $17.47 million.  

Insider Threat Category Cost Variances 

44. The cost of credential theft incidents averages USD $679,621 per incident.

45. The average cost-per-incident of breaches caused by malicious insiders is USD $701,500

46. The financial services sector has the highest activity costs linked to insider threats. The average annual activity cost for financial services businesses is USD $20.68 million

47. The cost of incidents varies according to organizational size. In 2023, large organizations with a headcount of more than 75,000 spent an average of USD $24.6 million resolving insider-related incidents, while organizations with a headcount below 500 spent an average of $8 million

48. According to Ponemon’s 2023 research, insider-related incidents that took less than 30 days to contain cost organizations an average of USD $11.92 million annually. The average activity cost for incidents that took more than 90 days to resolve was USD $18.33 million.

Insider Threat Detection, Management, and Organizational Preparedness 

It seems that insider threats are at least as difficult to deal with as external ones. New ways of working—e.g., greater use of cloud computing and remote working—are particular areas of concern.

Preparedness and Attitudes to Insider Threat Detection 

49. More than 90% of global cyber security professionals say insider threats are as difficult or more difficult to respond to than external threats.

50. Three-quarters of cyber security professionals feel moderately to extremely vulnerable to insider attacks. 

51. When asked what type of insider threats they’re most concerned about, compromised accounts/machines come top, cited by 71% of security professionals. 

Top Areas of Vulnerability 

52. Information security managers regard cloud and IoT devices as the channels where insider-driven data loss is most likely to occur, as cited by 59% and 56% of respondents, respectively.

53. The majority of cyber security leaders—88% for source code repositories, 87% for personal cloud accounts, and 90% for CRM system data downloads—feel the need for enhanced visibility into critical domains to mitigate internal risks effectively.

54. According to a Code42 pulse survey, 91% of information security leaders believe employees are likely to exfiltrate corporate data by accessing cloud systems like Google Drive, OneDrive, Salesforce, Gmail, etc., on their mobile devices. 

55. The volume of insiders that have credentialed access, increased use of applications that can leak data, and the proliferation of personal device access to corporate resources are listed by security professionals as the top three factors that make detection and prevention of insider attacks increasingly difficult. 

56. More than half (56%) of information security leaders rate it a moderate or top priority to evaluate levels of corporate data exfiltration via employees’ mobile phones

57. More than half (53%) of cyber security professionals say that insider threat detection has become more challenging since moving to the cloud. 

Remote/Hybrid Working and Insider Threats  

58. In 2023, an estimated 12.7% of US employees were working fully remotely. This is expected to increase to 22% by 2025.  

59. In a survey conducted at the time of the pandemic, 91% of executives said they believed cyber attacks on their organization had increased because of remote working

60. 70% of cyber security professionals are concerned about insider risks in hybrid work environments, citing the challenges of securing distributed, less controlled environments.

61. 57% of remote workers say they’re more distracted when working from home. 

Insider Threats and Emerging Technologies 

62. 89% of security leaders believe their company’s sensitive data is increasingly vulnerable to increased usage of AI technologies

63. 87% of security leaders are concerned that their employees may inadvertently expose sensitive data to their competitors by inputting it into generative AI. 

64. Three quarters of security professionals are concerned about the impact of emerging technologies—such as AI, the Metaverse, and quantum computing—on insider threats, including their potential to amplify threat capabilities.

Insider Threat Mitigation 

65. 72% of organizations dedicate resources and time to insider risk prevention programs.

66. 21% of cyber security professionals say they have a fully implemented and operational insider threat program in place. 

67. Just 8.2% of security budgets are spent on insider risk management; 58% of security professionals consider this to be insufficient.

68. Cyber security awareness training can lead to a reduction in cyber security risks by up to 70%. 

69. Users who have undergone phishing awareness training are 30% less likely to click on a phishing link. 

70. 86% of organizations monitor user behavior to some degree to counter insider threats. A quarter of organizations use automated tools to continuously monitor user behavior.  

Notable Insider Threat Incidents 

Here are some real-life examples of how insider actions can have significant negative consequences for organizations.  

Tesla Data Leak 

This is a classic illustration of the damage that can be caused by disgruntled ex-employees. Two former Tesla workers managed to expose a whole treasure trove of data, including production secrets, customer complaint details, and personal information relating to more than 75,000 current and former employees.

Yahoo IP Theft 

When a privileged user leaves the company, can you be sure they’re not walking away with more than they should? In this case, a research scientist jumped from Yahoo to a competitor. But before he left, he downloaded more than half a million pages of IP to his personal device.

Chinese Police Data Leak 

A single user error by an insider can have massive consequences. In this instance, a government developer wrote a blog post on the China Software Development Network (CSDN), accidentally including the credentials to a Shanghai police database. As a result, 1 billion records of private citizens’ data ended up for sale on the dark web.

Conclusion 

Insider threats are always going to be a significant concern for cyber security professionals. 

Much of this is down to the fact that, by definition, you’re dealing with individuals who already have credentialed access to the network, so picking up on anomalies is always going to be a challenge. 

Responding to this threat requires a combination of tools and skills. This includes technical solutions, e.g., Identity and Access Management (IAM) and User Entity Behavior Analytics (UEBA) tools. More importantly, especially when it comes to curbing carelessness among insiders, there needs to be a strong emphasis on actionable, role-specific user training.

A StationX Membership offers access to 1000+ courses and labs designed to boost your cyber security knowledge. 

Whether you’re learning how to protect your company, become certified in cyber defense and auditing roles, or retrain to a cyber security career, our courses, unlimited mentorship, career development roadmaps, mastermind sessions, and more can get you there.

  • Gary Smith

    Gary spends much of his working day thinking and writing about professional and personal development, as well as trends and best practice in IT recruitment from both an organizational and employee perspective. With a background in regulatory risk, he has a special interest in cyber threats, data protection, and strategies for reducing the global cyber skills gap.
