31 Crucial Insider Threat Statistics: 2024 Latest Trends & Challenges

When we talk about cybersecurity, we often think about hackers outside organizations trying to access private, sensitive data. However, threats from insiders are fast becoming a grave concern among businesses. As insider threat statistics show, these instances have been rising and an overwhelming number of businesses are not prepared to handle them. Implementing some of the best IT security software will, of course, help but there are still many challenges, especially when the enemy is right inside your own backyard.

Through these statistics, you can learn more about the latest trends, risks, and strategies you can use for your organization’s cybersecurity measures. We’ll highlight data on the types of insider threats, the costs companies incur due to these threats, and what steps you can do to prevent and prepare for such insider attacks.

1. General Insider Threat Statistics

Frequency of attacks

The latest reports say that there has been an insider threat increase over the years. One survey revealed that more than half of respondents have experienced insider attacks more than 20 times in a year.

What’s more worrisome is that the majority of businesses admit that they feel vulnerable. They are not fully capable of knowing where or when these attacks might originate. That’s because it’s hard to determine when users of a company’s system are simply doing their day-to-day work or are up to something malicious. Moreover, employees might not even know they are already exposing sensitive information out of pure negligence.

• 60% of data breaches are caused by insider threats (Goldstein, 2020).
• 68% of organizations have observed that insider attacks have become more frequent over the last 12 months (Cybersecurity Insiders, 2020).
• The number of insider-caused cybersecurity incidents increased by 47% since 2018 (ObserveIT, 2020).
• Another report predicts that the frequency of insider data breaches will increase by 8% through 2021 (Shey, 2020).
• 61% of companies have had an insider attack in the past year (Bitglass, 2020).
• 60% of organizations had more than 20 incidents of insider attacks a year (IBM, 2020).

Insider threat actors

The majority of companies agree that privileged users, administrators, and C-level executives are some of the most dangerous insider threat actors. Meanwhile, fraud and financial gains are the top motivations that drive malicious insiders.

• 63% of organizations think that privileged IT users pose the biggest insider security risk to organizations (Cybersecurity Insiders, 2020).
• 60% of companies said managers with access to sensitive information are the top insider threat actors. This is followed by contractors and consultants (57%), and regular employees (51%) (Bitglass, 2020).
• 78% don’t believe that they have very effective processes in place when managing IT privileges (Cybersecurity Insiders, 2020).
• Fraud (55%), monetary gain (49%), and IP theft (44%) are the top motivations for insider attacks (Fortinet, 2019).

2. Types of Insider Threats

Not all insider threats are the same. Some involved data exfiltration while others are connected to privilege misuse. Also, not all insider threats are carried out with malicious intent. A huge part of insider data breaches actually comes from unintentional breaches and the negligence of employees.

• Businesses worry about inadvertent data breaches (71%), negligence of employees with IT protocols (68%), and malicious data breaches (61%) (AT&T, n.d.).
• 62% of insider incidents are caused by negligent employees or contractors, making it one of the most common insider threats. The least common type is malicious insiders (14%) (Panda Security, 2020).
• Phishing is one of the most prevalent cybercrimes. 38% of cybersecurity experts perceive phishing as the biggest vulnerability among accidental insider threats (Fortinet, 2019).
• In the US, the most common type of insider threat is data exfiltration (62%). This is followed by privilege misuse (19%), data aggregation/snooping (9.5%), infrastructure sabotage (5.1%), circumvention of IT controls (3.8%), and account sharing (0.6%) (Securonix, 2020).

3. The Cost of Insider Threats

It’s not just the frequency of insider attacks that are increasing but also the financial devastation they cause to businesses. Basically, financial damages are classified into three: direct cost, indirect cost, and loss opportunity cost. It can also be hard to determine the actual cost of each insider attack since the specifics of cases can vary significantly.

• The average annual cost of insider threats has skyrocketed in only two years, rising 31% to $11.45 million (ObserveIT, 2020).
• 86% of organizations say they find it moderately difficult to very difficult to determine the actual damage of an insider attack (Cybersecurity Insiders, 2020).
• It’s difficult to compute the true cost of a major security breach, but 50% of organizations say their estimate is less than $100,000. Thirty-four percent said they expect damages to be between $100,000 and $500,000 (Cybersecurity Insiders, 2020).
• Companies in North America experienced the highest average annual cost of insider threats at $13.3 million. Followed by the Middle East at $11.65 million. Europe’s cost amounted to $9.82 million, while Asia-Pacific totaled $7.89 million (IBM, 2020).
• Negligent insiders cost companies around $307,000 per incident. Criminal insiders cost $756,000 per incident, while credential thieves cost $871,000 per incident (ObserveIT, 2020).
• The industry and size of the company make a difference on the amount spent on combatting insider threats. Large organizations (more than 75,000 employees) spent an average of $17.92 million over the past year. In contrast, smaller organizations (below 500 employees) spent an average of $7.68 million (ObserveIT, 2020).
• Meanwhile, the sector that spent the most on measures against insider threats is the financial services sector ($14.50 million). The services sector and the technology and software sector follow with $12.31 million and $12.30 million, respectively (IBM, 2020).

4. State of Insider Threat Prevention

More than half of organizations agree that it’s harder to prevent insider attacks than external ones. There are several factors that have made it this way. For example, many businesses have transitioned to the cloud and use multiple apps to run their daily operations. This means a huge volume of data now leaves a company’s secure parameters.

Additionally, more and more companies and employees are accepting the Bring-Your-Own-Device (BYOD) system in order to become more agile in their work. This also means that workers will not have the same level of security they can have for their devices when they were in their offices.

Detection

• 68% of businesses feel extremely to moderately vulnerable to insider attacks (Cybersecurity Insiders, 2020).
• Only 42% have the appropriate controls in place to prevent an insider attack (AT&T, n.d.).
• In response to these threats, 43% of organizations expect a budget increase for IT security over the next year (AT&T, n.d.).
• 52% of businesses agree that it’s harder to detect insider threats than external attacks (Cybersecurity Insiders, 2020).
• The BYOD system in companies has amplified insider threats with 82% of organizations not able to detect insider threats from personal devices used by their employees (Bitglass, 2020).
• Among the top reasons why it’s harder to prevent and detect insider attacks are (1) insiders already have credentialed access to network and services (59%), (2) increased use of applications that can leak data (i.e. web email, Dropbox, social media) (50%), and (3) an increased amount of data that leaves protected boundary/parameter (47%) (Cybersecurity Insiders, 2020).
• 53% of companies said the transition to cloud computing has made it harder to detect insider attacks (Cybersecurity Insiders, 2020).

Prevention

There is no one fool-proof approach to hindering insider threats. The statistics reveal how organizations use a variety of tactics and tools to combat the threats. These include user behavior analytics, in-app audit system/feature, user training, and information security governance.

• When it comes to countering insider threats, more organizations are focusing on deterrence (61%). This is followed by detection of internal threats (60%), and analysis and post-breach forensics (45%) (Cybersecurity Insiders, 2020).
• For tools and strategies, the majority of companies are deploying user training awareness (55%) to prevent insider attacks. This is followed by data loss prevention (54%), and user behavior analytics (50%) (IBM, 2020).
• Meanwhile, user behavior analytics (UBA) ($3.4 million), privileged access management ($3.1 million), and user training and awareness ($3 million) were the top tools and strategies that gave the highest cost savings for companies (IBM, 2020).

5. Signs of Potential Insider Threat

Identifying insider threats early can help mitigate damage. Here are key behavioral red flags to watch for:

• Unusual Access Patterns: Employees accessing data or systems outside their usual scope, especially after hours, may signal potential misuse of information.
• Unexplained Absences or Personal Issues: Sudden absences, personal stress, or interpersonal conflicts can sometimes trigger insider threats. While not a direct cause, these changes can increase risk.
• Downloading or Transferring Large Amounts of Data: Employees downloading large volumes of data or transferring files to personal devices or external storage may be preparing to steal sensitive information.
• Unusual or Defensive Behavior: If an employee becomes secretive, defensive, or hostile when questioned about their work, it could indicate an attempt to conceal malicious actions.
• Negative Attitude or Work Ethic Changes: A noticeable decline in productivity, engagement, or interest in work may signal dissatisfaction or a potential threat, especially if the employee has access to sensitive data.
• Attempts to Circumvent Security: Insider threats often try to bypass security measures. Watch for attempts to disable security systems or use unauthorized devices.
• Excessive Inquiries About Sensitive Information: Employees asking too many questions about proprietary data, future plans, or financial details could indicate malicious intent.

Insider Threats: Prevention is Better Than Cure

The insider threat statistics we presented reveal just how insider threats have increased to a rate that organizations can no longer ignore. Also, based on trends, it seems like these types of attacks will keep on proliferating. As the majority of companies agree, detecting insider threats is more challenging since the potential insider threat actors already have credentialed access to the organization’s network.

There are measures you can put in place and tools you can use to prevent a full-blown attack. Why is this important? Just by looking at the numbers and costs a company might incur for every incident of an insider data breach, we can surmise that prevention is still better than cure. With that said, we do acknowledge that stopping every incident of an insider threat sounds like a tall order. First, preventive measures can involve millions of dollars, long hours of user training, and lots of manpower to make sure IT security protocols are followed. These things can cause organizations to look the other way, especially for smaller businesses that do not have the budget and people to focus on the task.

However, having preventive measures in place will always be the prudent thing to do for your business. Aside from the cost savings, dodging an insider attack—or any cyber attack for that matter—is ultimately about protecting your customers and your organization’s reputation. Be sure to read up on upgrading your cybersecurity measures to know how you can further strengthen your defenses against cybercrimes.

Key Insights

• Rising Frequency of Insider Threats: Insider threats have significantly increased, with more than half of organizations experiencing over 20 incidents per year. The frequency of these attacks is projected to rise, making it a critical concern for businesses.
• Vulnerability of Organizations: A majority of businesses feel vulnerable to insider attacks and admit they lack the necessary processes to effectively manage IT privileges and prevent insider threats.
• Types of Insider Threats: The most common insider threats stem from negligent employees or contractors, followed by malicious insiders. Phishing remains a prevalent method of unintentional data breaches.
• High Costs of Insider Threats: The financial impact of insider threats is substantial, with the average annual cost skyrocketing to $11.45 million. The cost varies significantly depending on the size and industry of the company.
• Challenges in Detection and Prevention: Preventing insider threats is challenging due to the inherent access insiders have to networks and the increased use of applications that can leak data. The transition to cloud computing and BYOD policies further complicate detection and prevention efforts.
• Effective Prevention Strategies: Organizations are focusing on deterrence, detection, and analysis of insider threats. Effective tools include user behavior analytics, privileged access management, and comprehensive user training programs.
• Necessity of Proactive Measures: Investing in preventive measures, despite being costly and resource-intensive, is crucial for protecting customers and maintaining an organization’s reputation. Preventive strategies can significantly reduce the financial impact and operational disruptions caused by insider threats.

FAQ

1. What are insider threats? Insider threats are security risks that originate from within the organization. These threats can come from current or former employees, contractors, or business partners who have access to the organization’s systems and data.
2. Why are insider threats increasing? Insider threats are increasing due to various factors, including the growing complexity of IT environments, the rise of remote work and BYOD policies, and the increased use of cloud services. These factors make it easier for insiders to access and misuse sensitive information.
3. Who are the most common insider threat actors? The most common insider threat actors are privileged IT users, managers with access to sensitive information, contractors, consultants, and regular employees. Privileged users and C-level executives pose significant risks due to their extensive access to critical systems and data.
4. What motivates insiders to commit malicious activities? The primary motivations for malicious insider activities include fraud, monetary gain, and intellectual property theft. These motivations drive insiders to misuse their access to sensitive information for personal or financial benefits.
5. How do negligent employees contribute to insider threats? Negligent employees contribute to insider threats by inadvertently exposing sensitive information through actions such as falling for phishing attacks, mishandling data, or failing to follow security protocols. Their lack of awareness and careless behavior can lead to significant security breaches.
6. What is the financial impact of insider threats? The financial impact of insider threats is substantial, with average annual costs rising to $11.45 million. The cost per incident can vary, with negligent insiders costing around $307,000, criminal insiders costing $756,000, and credential thieves costing $871,000 per incident.
7. Why is it difficult to detect insider threats? Detecting insider threats is challenging because insiders already have credentialed access to the network, making their activities harder to distinguish from legitimate work. The increased use of applications that can leak data and the vast amount of data leaving protected boundaries further complicate detection efforts.
8. What are some effective strategies for preventing insider threats? Effective strategies for preventing insider threats include implementing user behavior analytics, privileged access management, comprehensive user training programs, and data loss prevention tools. Organizations should focus on deterrence, detection, and analysis of insider threats to mitigate risks.
9. How has the transition to cloud computing affected insider threat prevention? The transition to cloud computing has made it harder to detect and prevent insider threats due to the increased volume of data stored and accessed remotely. Organizations must adapt their security measures to account for the unique challenges posed by cloud environments.
10. Why is investing in preventive measures important for organizations? Investing in preventive measures is crucial for protecting an organization’s sensitive data, maintaining customer trust, and preserving the organization’s reputation. Proactive strategies can significantly reduce the financial and operational impact of insider threats, ensuring long-term business continuity and success.

References:

1. Bitglass (2020). Bitglass’ 2020 Insider Threat Report. Retrieved from Bitglass
2. Cybersecurity Insiders (2020). Insider Threat Report. Retrieved from Cybersecurity Insiders
3. Fortinet (2019). Insider Threat Report. Retrieved from Fortinet
4. Goldstein (2020). What Are Insider Threats and How Can You Mitigate Them? Retrieved from Security Intelligence
5. IBM (2020). Cost of Insider Threats: Global Report 2020. Retrieved from IBM
6. Shey (2020). Predictions 2021: The Path To A New Normal Demands Increased Cybersecurity Resilience. Retrieved from Forrester
7. AT&T (n.d.). Insider Threat Report. Retrieved from AT&T Business
8. ObserveIT (2020). The Real Cost of Insider Threats in 2020. Retrieved from ObserveIT
9. Panda Security (2020). Insider threats have increased 47%. Retrieved from Panda Security
10. Securonix (2020). 2020 Securonix Insider Threat Report. Retrieved from Securonix

By Nestor Gilbert

Nestor Gilbert is a senior B2B and SaaS analyst and a core contributor at FinancesOnline for over 5 years. With his experience in software development and extensive knowledge of SaaS management, he writes mostly about emerging B2B technologies and their impact on the current business landscape. However, he also provides in-depth reviews on a wide range of software solutions to help businesses find suitable options for them. Through his work, he aims to help companies develop a more tech-forward approach to their operations and overcome their SaaS-related challenges.