Insider Threats Are Becoming More Frequent and More Costly: What Businesses Need to Know Now

Data breaches caused by insiders are on the rise—both in terms of frequency and their cost to the business. Yet many organizations continue to rely on blind trust in their employees and extended teams instead of making procedural or technical improvements to better detect and prevent insider threats. It’s time, experts say, for organizations to turn their information security focus inward. Here’s what businesses need to know about this often-underestimated threat.

60% of Data Breaches Are Caused By Insider Threats

Insider threats are reportedly the primary cause of 60 percent of data breaches. A recent study has revealed that the number of insider security incidents has risen by 47 percent since 2018, and the cost of insider threats has risen 31 percent in the same time period.

The current average annual cost of an insider threat is $11.5 million.

An insider is typically defined as an individual with legitimate access to company assets who causes harm to the business—whether intentionally or unintentionally. Threats could come from current employees, former employees, contractors, or partners who have access (or previously had access) to an organization’s systems or data.

The reasons why insiders resort to criminal acts are varied and may include:

  • Having the capability or opportunity through his or her level of access
  • Forming a rationale or justification for the behavior, as a disgruntled employee might
  • Receiving a financial incentive

Even an employee who appears relatively low risk for a security incident at hiring may not stay that way. According to reports, there are various online communities aimed at recruiting company insiders who are willing to provide access to an organization’s network or data. An employee may be particularly susceptible if they work in a lower-wage region, are under financial stress, or become dissatisfied with the organization.

Not All Insider Attacks Are Malicious in Nature

While the term “insider threat” is often used to describe an intentional act, in reality, there is a broad spectrum of potential insider incidents, ranging from the accidental click of a malicious link to outright theft of company data.

In the most innocent of scenarios, an employee may unintentionally put the company at risk by falling for a phishing campaign or by storing unencrypted data in a way that violates the company’s security policies. In the worst case, a malicious insider may purposefully harm the company by destroying or stealing data or sabotaging systems.

Some employees may even take data when they leave the company without realizing the consequences to themselves or to the business. An employee may believe that they are entitled to the documents or projects they worked on, or that they didn’t receive appropriate compensation.

The Risk Your Company Invites In: HR’s Role in Combating Malicious Insiders

IT security teams certainly play a crucial role in helping detect insider incidents through technical solutions, but experts say that it’s ultimately HR’s responsibility to manage the psychological and behavioral element unique to insider incidents.

HR needs to ensure that the company isn’t inviting risk into its ecosystem, either by hiring an employee or contractor with malicious intentions or by not recognizing a team member who has become a security risk during his or her employment.

Here are 8 tips to help prepare your company to better detect and avoid insider threats.
