Crime gangs and state-sponsored hackers dominate the cyber security headlines. But what about the risks that exist much closer to home?
As the latest insider threat statistics show, cyber security professionals should always be aware of threats coming from within their organizations.
What internal risks do you need to guard against? Who are the malicious and non-malicious threat actors with the most potential to do damage? What countermeasures should be in place to mitigate risks?
In this article, we take a look at these latest insider threat statistics to ensure nothing is overlooked.
Ready? Let's start.
Insider Threat Statistics Trends
Recent insider threat statistics suggest that incidents caused by insiders are on the rise, with finance and healthcare seeing the highest volumes of deliberate threat actions carried out by employees. Public administration, by contrast, is especially prone to non-malicious employee errors.
Volume of Insider Threat Incidents
1. 76% of organizations have detected increased insider threat activity over the past five years, but less than 30% believe they're equipped with the right tools to handle it.
2. Between 2023 and 2024, there was a 28% increase in insider-driven data exposure, loss, leak, and theft events.
3. Between 2020 and 2022, Ponemon identified a 44% increase in the number of insider threat-related security incidents.
4. In 2022, 67% of companies experienced between 21 and 40 insider threat incidents per year, which is up from 60% in 2020.
5. In 2023, 71% of companies experienced between 21 and 40 insider security incidents per year, up from 67% in 2022.
6. Three-quarters of security leaders say insider attacks have become more frequent over the last 12 months.
7. 73% of business security leaders expect data loss from insider events to increase in the next 12 months.
The Insider Threat Across Industry Sectors
8. Public Administration is the top industry sector for non-malicious insider threat actions (based on 16,312 incidents examined by Verizon in 2023 DBIR)
Industry sector | Number of actions observed |
Public Administration | 2,069 |
Healthcare | 141 |
Finance | 99 |
Information | 89 |
Education | 51 |
9. Healthcare is the top industry sector for malicious (privilege misuse) insider threat actions (based on 16,312 incidents examined by Verizon in 2023 DBIR)
Industry sector | Number of actions observed |
Healthcare | 65 |
Finance | 40 |
Information | 21 |
Professional | 17 |
Public Administration | 16 |
Job Roles/Functions Most Susceptible to Insider Threat Actions
10. 81% of cyber security leaders identify senior managers as the greatest threat to data security, likely due to their handling of more sensitive data and being a target for spear phishing campaigns.
11. Sales and customer service are the roles or functions perceived by information security managers as posing the greatest insider risks, cited by 48% and 47% of respondents, respectively. Functions perceived as posing the least risk are IT and legal third-party contractors (23% and 29%, respectively).
Drivers of Insider Threat Activity
12. According to security professionals, insufficient employee training and awareness is the largest perceived driver of insider threat activity; 37% agree.
Driver | % of security professionals citing |
Insufficient employee training and awareness | 37% |
Globalization and adoption of new technologies | 34% |
Inadequate security measures | 29% |
Complex IT environments | 27% |
Disgruntled insiders | 25% |
Types of Insider Threat
Malicious insider threats relate to deliberate actions, often involving abuse of privilege, with the intent to cause harm, exploit information, or disrupt operations. Non-malicious insider threats refer to human error or carelessness. Here's a closer look at the statistics for both broad threat categories.
Non-Malicious Insider Threats
13. 88% of all data breach incidents are caused by or significantly worsened by employees' mistakes.
14. The negligent insider is the root cause of most insider threat incidents. According to 2023 research by Ponemon, the majority of insider threat incidents (55%) are caused by careless or negligent employees.
Miscellaneous errors
15. 50% of employees say they are "very" or "pretty certain" they have made an error at work that could have led to security issues for their company.
16. Older workers are less likely to admit to mistakes. 50% of employees aged between 18–30 say they've made mistakes that possibly impacted security, compared to 10% of workers over 51.
17. Sending personal information to the wrong recipient via email is involved in an estimated 45% of data breaches involving human error.
18. Unintended release or publication of personal information features in 16% of data breaches involving human error.
19. Misdelivery (sending something to the wrong recipient) accounts for 43% of breach-related errors.
20. According to the Verizon DBIR, 2023, miscellaneous user errors (misdelivery, misconfiguration, and publishing errors) were responsible for 9% of all data breaches, down from 13% in 2022.
21. Around 43% of miscellaneous errors leading to data breaches are made by developers, 39% by system admins, and 18% by end-users.
22. Personal data was compromised in 89% of data breaches involving miscellaneous errors.
23. In finance and insurance, 44% of cyber security breaches in 2022 were attributable to internal threat actors. Of these breaches, 55% were attributed to mistakenly sending information to unintended recipients.
Susceptibility to phishing scams and credential theft
24. 20% of insider threat incidents are caused by credential theft, i.e., where threat actors steal users' credentials to gain access to data and assets.
25. One in four employees say they've clicked on a phishing email at work.
26. Men seem more susceptible to accidentally clicking on malicious messages than women. 34% of male respondents say they've clicked on a malicious link in a phishing email, compared to 17% of women.
27. Older employees may be less vulnerable to phishing scams. Just 8% of workers aged over 51 say they've clicked on a phishing link, compared to around a third of employees aged 31–40.
28. Around 45% of employees cite "distraction" as the main reason for falling for a phishing scam.
29. The top reasons for clicking on phishing emails are the perceived legitimacy of the message (43%) and the fact that it appeared to come from a senior executive (41%) or a well-known brand (40%).
Lax attitudes to password protection
30. 43% of US adults have shared a password with someone.
31. 44% of internet users rarely reset their passwords.
32. 53% of IT professionals use email to share passwords with colleagues.
33. The most common password is 123456.
Malicious Insider Threats
34. 25% of insider threat incidents are caused by criminal or malicious insiders, i.e., employees or authorized individuals who misuse access for harmful, unethical, or illegal activities.
35. In 2024, around 74% of cyber security professionals are most concerned with malicious insiders within their organization, representing an increase of nearly 25% compared to 2019.
Malicious insider threat motivations
36. The vast majority (89%) of malicious insider breach incidents are motivated by personal financial gain.
Motive | % of malicious insider breaches |
Financial | 89% |
Grudge | 13% |
Espionage | 5% |
Convenience | 3% |
Fun | 3% |
Ideology | 2% |
Effects of malicious insider threat incidents
37. Personal data is compromised in almost three-quarters (73%) of malicious insider breach cases.
Data category | % of malicious insider incidents where compromised |
Personal | 73% |
Medical | 34% |
Other | 18% |
Bank | 12% |
Payments | 12% |
Impact of Insider Threats on Organizations
Insider threat statistics suggest that malicious threats tend to cost organizations more than those arising from error or carelessness. Companies in the financial sector tend to be faced with the most severe costs and consequences when hit with an insider threat incident.
Most Common Impacts of Insider Threat Incidents
38. Data loss is the most common impact of insider threat incidents. In 2023, 45% of organizations said that they'd suffered loss of critical data as a result of insider threats (up from 40% in 2021).
The Cost of Insider Threats
39. Cyber security managers estimate the average cost of an insider threat event at USD $15 million.
40. According to Ponemon, in 2023, the average cost incurred by an organization to resolve insider threats over a 12-month period was USD $16.2 million, up from $15.4 million in 2022.
41. Between 2019 and 2023, the average annual cost of insider security threats to organizations has increased by 40%.
42. Containment is the most costly aspect of responding to an insider security incident. Companies spend an average of USD $179,209 in containing the consequences of an incident.
Regional Variances
43. North American companies spend the most on activities to deal with insider threats. North America experienced the highest total annual costs at USD $19.09 million. European companies had the next highest cost at USD $17.47 million.
Insider Threat Category Cost Variances
44. The cost of credential theft incidents averages USD $679,621 per incident.
45. The average cost-per-incident of breaches caused by malicious insiders is USD $701,500.
46. The financial services sector has the highest activity costs linked to insider threats. The average annual activity cost for financial services businesses is USD $20.68 million.
47. The cost of incidents varies according to organizational size. In 2023, large organizations with a headcount of more than 75,000 spent an average of USD $24.6 million resolving insider-related incidents, while organizations with a headcount below 500 spent an average of $8 million.
48. According to Ponemon's 2023 research, insider-related incidents that took less than 30 days to contain cost organizations annually, on average, USD $11.92 million. The average activity cost for incidents that took more than 90 days to resolve was USD $18.33 million.
Insider Threat Detection, Management, and Organizational Preparedness
It seems that insider threats are at least as difficult to deal with as external ones. New ways of working (e.g., greater use of cloud computing and remote working) are particular areas of concern.
Preparedness and Attitudes to Insider Threat Detection
49. More than 90% of global cyber security professionals say insider threats are as difficult or more difficult to respond to than external threats.
50. Three-quarters of cyber security professionals feel moderately to extremely vulnerable to insider attacks.
51. When asked what type of insider threats they're most concerned about, compromised accounts/machines come top, cited by 71% of security professionals.
Top Areas of Vulnerability
52. Information security managers regard cloud and IoT devices as the channels where insider-driven data loss is most likely to occur, as cited by 59% and 56% of respondents, respectively.
53. The majority of cyber security leaders (88% for source code repositories, 87% for personal cloud accounts, and 90% for CRM system data downloads) feel the need for enhanced visibility into critical domains to mitigate internal risks effectively.
54. According to a Code42 pulse survey, 91% of information security leaders believe employees are likely to exfiltrate corporate data by accessing cloud systems like Google Drive, OneDrive, Salesforce, Gmail, etc., on their mobile devices.
55. The volume of insiders that have credentialed access, increased use of applications that can leak data, and the proliferation of personal device access to corporate resources are listed by security professionals as the top three factors that make detection and prevention of insider attacks increasingly difficult.
56. More than half (56%) of information security leaders rate it a moderate or top priority to evaluate levels of corporate data exfiltration via employees' mobile phones.
57. More than half (53%) of cyber security professionals say that insider threat detection has become more challenging since moving to the cloud.
Remote/Hybrid Working and Insider Threats
58. In 2023, an estimated 12.7% of US employees were working fully remotely. This is expected to increase to 22% by 2025.
59. In a survey conducted at the time of the pandemic, 91% of executives said they believed cyber attacks on their organization had increased because of remote working.
60. 70% of cyber security professionals are concerned about insider risks in hybrid work environments, citing the challenges of securing distributed, less controlled environments.
61. 57% of remote workers say they're more distracted when working from home.
Insider Threats and Emerging Technologies
62. 89% of security leaders believe their company's sensitive data is increasingly vulnerable to increased usage of AI technologies.
63. 87% of security leaders are concerned that their employees may inadvertently expose sensitive data to their competitors by inputting it into generative AI.
64. Three quarters of security professionals are concerned about the impact of emerging technologies (such as AI, the Metaverse, and quantum computing) on insider threats, including their potential to amplify threat capabilities.
Insider Threat Mitigation
65. 72% of organizations dedicate resources and time to insider risk prevention programs.
66. 21% of cyber security professionals say they have a fully implemented and operational insider threat program in place.
67. Just 8.2% of security budgets are spent on insider risk management; 58% of security professionals consider this to be insufficient.
68. Cyber security awareness training can lead to a reduction in cyber security risks by up to 70%.
69. Users who have undergone phishing awareness training are 30% less likely to click on a phishing link.
70. 86% of organizations monitor user behavior to some degree to counter insider threats. A quarter of organizations use automated tools to continuously monitor user behavior.
Notable Insider Threat Incidents
Here are some real-life examples of how insider actions can have significant negative consequences for organizations.
Tesla Data Leak
This is a classic illustration of the damage that can be caused by disgruntled ex-employees. Two former Tesla workers managed to expose a whole treasure trove of data, including production secrets, customer complaint details, and personal information relating to more than 75,000 current and former employees.
Yahoo IP Theft
When a privileged user leaves the company, can you be sure they're not walking away with more than they should? In this case, a research scientist jumped from Yahoo to a competitor. But before he left, he downloaded more than half a million pages of IP to his personal device.
Chinese Police Data Leak
A single user error by an insider can have massive consequences. In this instance, a government developer wrote a blog post on the China Software Development Network (CSDN), accidentally including the credentials to a Shanghai police database. As a result, 1 billion records of private citizens' data ended up for sale on the dark web.
Conclusion
Insider threats are always going to be a significant concern for cyber security professionals.
Much of this is down to the fact that, by definition, you're dealing with individuals who already have credentialed access to the network, so picking up on anomalies is always going to be a challenge.
Responding to this threat requires a combination of tools and skills. This includes technical solutions, e.g., Identity and Access Management (IAM) and User Entity Behavior Analytics (UEBA) tools, but more importantly, especially when it comes to trying to curb carelessness among insiders, there needs to be a strong emphasis on actionable, role-specific user training.
A StationX Membership offers access to 1000+ courses and labs designed to boost your cyber security knowledge.
Whether you're learning how to protect your company, become certified in cyber defense and auditing roles, or retrain to a cyber security career, our courses, unlimited mentorship, career development roadmaps, mastermind sessions, and more can get you there.
Sources:
- CISO Mag: "Psychology of Human Error Could Help Businesses Prevent Security Breaches", Article, September 2020
- Code42: Access to Corporate Systems Via Employee-Owned Devices, Pulse Survey, 2021
- Code42: "Evolving Threats from Within: Insights from the 2024 Data Exposure Report", Article, March 2024
- Cybernews: "Most Common Passwords, Latest 2024 Statistics", Article, November 2023
- Cybersecurity Ventures: "Data Has Never Been More Vulnerable to Insider Threats", Article, January 2024
- Exploding Topics: "50+ Password Statistics - The State of Password Security in 2024", Article, January 2024
- Forbes: Remote Work Statistics and Trends in 2024, Report, June 2023
- Google/Harris Poll: The United States of Passwords, Report, 2019
- HIPAA Journal: "Insider Security Threat Costs Up 40% in 4 Years", Article, September 2023
- Keepnet: 2024 Security Awareness Training Statistics, Report, January 2023
- Phriendly Phishing: "Top 5 Human Errors that Impact Cyber Security", Article,
- Ponemon: Cost Of Insider Risks, Report, 2023
- Securinox: "Amid Rising Insider Threats, Most Companies are Vulnerable…", Article, January 2024
- University of the Potomac: "6 Industries Most Vulnerable to Cyber Attack in 2023", Article, 2023
- Verizon: Data Breach Investigations Report, 2023