When we talk about cybersecurity, we often think about hackers outside organizations trying to access private, sensitive data. However, threats from insiders are fast becoming a grave concern among businesses. As insider threat statistics show, these instances have been rising and an overwhelming number of businesses are not prepared to handle them. Implementing some of the best IT security software will, of course, help but there are still many challenges, especially when the enemy is right inside your own backyard.
Through these statistics, you can learn more about the latest trends, risks, and strategies you can use for your organization’s cybersecurity measures. We’ll highlight data on the types of insider threats, the costs companies incur due to these threats, and what steps you can do to prevent and prepare for such insider attacks.
The latest reports say that there has been an insider threat increase over the years. One survey revealed that more than half of respondents have experienced insider attacks more than 20 times in a year.
What’s more worrisome is that the majority of businesses admit that they feel vulnerable. They are not fully capable of knowing where or when these attacks might originate. That’s because it’s hard to determine when users of a company’s system are simply doing their day-to-day work or are up to something malicious. Moreover, employees might not even know they are already exposing sensitive information out of pure negligence.
60% of data breaches are caused by insider threats (Goldstein, 2020).
68% of organizations have observed that insider attacks have become more frequent over the last 12 months (Cybersecurity Insiders, 2020).
The number of insider-caused cybersecurity incidents increased by 47% since 2018 (ObserveIT, 2020).
Another report predicts that the frequency of insider data breaches will increase by 8% through 2021 (Shey, 2020).
61% of companies have had an insider attack in the past year (Bitglass, 2020).
60% of organizations had more than 20 incidents of insider attacks a year (IBM, 2020).
63% of organizations think that privileged IT users pose the biggest insider security risk to organizations (Cybersecurity Insiders, 2020).
60% of companies said managers with access to sensitive information are the top insider threat actors. This is followed by contractors and consultants (57%), and regular employees (51%) (Bitglass, 2020).
78% don’t believe that they have very effective processes in place when managing IT privileges (Cybersecurity Insiders, 2020).
Fraud (55%), monetary gain (49%), and IP theft (44%) are the top motivations for insider attacks (Fortinet, 2019).
Source: Bitglass, 2020
2. Types of Insider Threats
Not all insider threats are the same. Some involved data exfiltration while others are connected to privilege misuse. Also, not all insider threats are carried out with malicious intent. A huge part of insider data breaches actually comes from unintentional breaches and the negligence of employees.
Businesses worry about inadvertent data breaches (71%), negligence of employees with IT protocols (68%), and malicious data breaches (61%) (AT&T, n.d.).
62% of insider incidents are caused by negligent employees or contractors, making it one of the most common insider threats. The least common type is malicious insiders (14%) (Panda Security, 2020).
In the US, the most common type of insider threat is data exfiltration (62%). This is followed by privilege misuse (19%), data aggregation/snooping (9.5%), infrastructure sabotage (5.1%), circumvention of IT controls (3.8%), and account sharing (0.6%) (Securonix, 2020).
Types of Insider Threats Most Businesses Worry About
View in full screen
Download PNG image
Download JPEG image
Download SVG vector image
Source: AT&T Business
3. The Cost of Insider Threats
It’s not just the frequency of insider attacks that are increasing but also the financial devastation they cause to businesses. Basically, financial damages are classified into three: direct cost, indirect cost, and loss opportunity cost. It can also be hard to determine the actual cost of each insider attack since the specifics of cases can vary significantly.
The average annual cost of insider threats has skyrocketed in only two years, rising 31% to $11.45 million (ObserveIT, 2020).
86% of organizations say they find it moderately difficult to very difficult to determine the actual damage of an insider attack (Cybersecurity Insiders, 2020).
It’s difficult to compute the true cost of a major security breach, but 50% of organizations say their estimate is less than $100,000. Thirty-four percent said they expect damages to be between $100,000 and $500,000 (Cybersecurity Insiders, 2020).
Companies in North America experienced the highest average annual cost of insider threats at $13.3 million. Followed by the Middle East at $11.65 million. Europe’s cost amounted to $9.82 million, while Asia-Pacific totaled $7.89 million (IBM, 2020).
Negligent insiders cost companies around $307,000 per incident. Criminal insiders cost $756,000 per incident, while credential thieves cost $871,000 per incident (ObserveIT, 2020).
The industry and size of the company make a difference on the amount spent on combatting insider threats. Large organizations (more than 75,000 employees) spent an average of $17.92 million over the past year. In contrast, smaller organizations (below 500 employees) spent an average of $7.68 million (ObserveIT, 2020).
Meanwhile, the sector that spent the most on measures against insider threats is the financial services sector ($14.50 million). The services sector and the technology and software sector follow with $12.31 million and $12.30 million, respectively (IBM, 2020).
4. State of Insider Threat Prevention
More than half of organizations agree that it’s harder to prevent insider attacks than external ones. There are several factors that have made it this way. For example, many businesses have transitioned to the cloud and use multiple apps to run their daily operations. This means a huge volume of data now leaves a company’s secure parameters.
Additionally, more and more companies and employees are accepting the Bring-Your-Own-Device (BYOD) system in order to become more agile in their work. This also means that workers will not have the same level of security they can have for their devices when they were in their offices.
68% of businesses feel extremely to moderately vulnerable to insider attacks (Cybersecurity Insiders, 2020).
Only 42% have the appropriate controls in place to prevent an insider attack (AT&T, n.d.).
In response to these threats, 43% of organizations expect a budget increase for IT security over the next year (AT&T, n.d.).
52% of businesses agree that it’s harder to detect insider threats than external attacks (Cybersecurity Insiders, 2020).
The BYOD system in companies has amplified insider threats with 82% of organizations not able to detect insider threats from personal devices used by their employees (Bitglass, 2020).
Among the top reasons why it’s harder to prevent and detect insider attacks are (1) insiders already have credentialed access to network and services (59%), (2) increased use of applications that can leak data (i.e. web email, Dropbox, social media) (50%), and (3) an increased amount of data that leaves protected boundary/parameter (47%) (Cybersecurity Insiders, 2020).
53% of companies said the transition to cloud computing has made it harder to detect insider attacks (Cybersecurity Insiders, 2020).
Source: Cybersecurity Insiders, 2020
There is no one fool-proof approach to hindering insider threats. The statistics reveal how organizations use a variety of tactics and tools to combat the threats. These include user behavior analytics, in-app audit system/feature, user training, and information security governance.
When it comes to countering insider threats, more organizations are focusing on deterrence (61%). This is followed by detection of internal threats (60%), and analysis and post-breach forensics (45%) (Cybersecurity Insiders, 2020).
For tools and strategies, the majority of companies are deploying user training awareness (55%) to prevent insider attacks. This is followed by data loss prevention (54%), and user behavior analytics (50%) (IBM, 2020).
Meanwhile, user behavior analytics (UBA) ($3.4 million), privileged access management ($3.1 million), and user training and awareness ($3 million) were the top tools and strategies that gave the highest cost savings for companies (IBM, 2020).
View in full screen
Download PNG image
Download JPEG image
View data table
Tools and Activities That Reduce Insider Threats
Percentage of Companies Using Each Tool/Activity
Tools and Activities That Reduce Insider Threats Tools and activities that reduce insider threats: 55
Tools and activities that reduce insider threats
Tools and Activities That Reduce Insider Threats Data loss prevention (DLP): 54
Data loss prevention (DLP)
Tools and Activities That Reduce Insider Threats User behavior analytics (UBA): 50
User behavior analytics (UBA)
Tools and Activities That Reduce Insider Threats Employee monitoring & surveillance: 47
Employee monitoring & surveillance
Tools and Activities That Reduce Insider Threats Security incident & event management (SIEM): 45
Security incident & event management (SIEM)
Tools and Activities That Reduce Insider Threats Incident response management (IRM): 44
Incident response management (IRM)
Tools and Activities That Reduce Insider Threats Strict third-party vetting procedures: 43
Strict third-party vetting procedures
Tools and Activities That Reduce Insider Threats Threat intelligence sharing: 42
Threat intelligence sharing
Tools and Activities That Reduce Insider Threats Privileged access management (PAM): 39
Privileged access management (PAM)
Tools and Activities That Reduce Insider Threats Network traffic intelligence: 38
Network traffic intelligence
Source: IBM, 2020
Insider Threats: Prevention is Better Than Cure
The insider threat statistics we presented reveal just how insider threats have increased to a rate that organizations can no longer ignore. Also, based on trends, it seems like these types of attacks will keep on proliferating. As the majority of companies agree, detecting insider threats is more challenging since the potential insider threat actors already have credentialed access to the organization’s network.
There are measures you can put in place and tools you can use to prevent a full-blown attack. Why is this important? Just by looking at the numbers and costs a company might incur for every incident of an insider data breach, we can surmise that prevention is still better than cure. With that said, we do acknowledge that stopping every incident of an insider threat sounds like a tall order. First, preventive measures can involve millions of dollars, long hours of user training, and lots of manpower to make sure IT security protocols are followed. These things can cause organizations to look the other way, especially for smaller businesses that do not have the budget and people to focus on the task.
However, having preventive measures in place will always be the prudent thing to do for your business. Aside from the cost savings, dodging an insider attack—or any cyber attack for that matter—is ultimately about protecting your customers and your organization’s reputation. Be sure to read up on upgrading your cybersecurity measures to know how you can further strengthen your defenses against cybercrimes.
Bitglass (2020). Bitglass’ 2020 Insider Threat Report. Retrieved from Bitglass
Nestor Gilbert is a senior B2B and SaaS analyst and a core contributor at FinancesOnline for over 5 years. With his experience in software development and extensive knowledge of SaaS management, he writes mostly about emerging B2B technologies and their impact on the current business landscape. However, he also provides in-depth reviews on a wide range of software solutions to help businesses find suitable options for them. Through his work, he aims to help companies develop a more tech-forward approach to their operations and overcome their SaaS-related challenges.
Why is FinancesOnline free?
FinancesOnline is available for free for all business professionals interested in an efficient way to find top-notch SaaS solutions. We are able to keep our service free of charge thanks to cooperation with some of the vendors, who are willing to pay us for traffic and sales opportunities provided by our website. Please note, that FinancesOnline lists all vendors, we’re not limited only to the ones that pay us, and all software providers have an equal opportunity to get featured in our rankings and comparisons, win awards, gather user reviews, all in our effort to give you reliable advice that will enable you to make well-informed purchase decisions.