Insider Threat Statistics: Updated for 2021

Over the last decade, the topic of cybersecurity has become increasingly more relevant. After all, in 2020, we saw a total of 37 billion records compromised, a 141% increase compared to 2019. In response to the rising number of data breaches, Governments across the globe have been introducing stringent data privacy laws, which come with hefty fines for non-compliance.

This has contributed to the rising costs associated with data breaches. And lest we forget about the impact which the coronavirus pandemic has had on the cybersecurity landscape.

With increasingly more employees working from home, the risk of insider threats has only further increased. Below is a round-up of the most widely cited insider threat statistics from 2020.

What Percentage of Security Incidents are Caused by Insiders?

This is a tricky question to answer, as the term “insider threat” is somewhat ambiguous. After all, most security incidents are, in some way or another, the consequence of either a negligent or malicious insider.

Some definitions recognize employee negligence as an insider threat, whereas some only recognize threats that are malicious. As a result, the statistics can vary wildly. For example, according to the 2021 Data Breach Investigations Report (DBIR), insiders are responsible for around 22% of security incidents.

Yet, researchers from Stanford University and a top cybersecurity organization found that approximately 88% of all data breaches are caused by an employee mistake, according to the following publication.

What Type of Insiders Pose the Greatest Threat?

Bitglass, 2020

• 63% of companies believe that privileged users present the biggest security threat.
• 60% of companies believe that managers with access to sensitive data pose the biggest security threat.
• 57% believe that contractors and consultants are the biggest threat.
• 51% believe that regular employees are the biggest threat.

Panda Security, 2020

• 62% of security incidents involve negligent employees or contractors.
• 14% of security incidents are caused by malicious insiders.

What Types of Insider Threat are the Most Prevalent?

Fortinet, 2019

• 38% of cybersecurity experts believe phishing to be the most prevalent type of insider threat.

Securonix, 2020

• In the US, data exfiltration has been cited as the most common type of insider threat, accounting for 62% of incidents. This is followed by privilege misuse (19%), data aggregation/snooping (9.5%), infrastructure sabotage (5.1%), circumvention of IT controls (3.8%), and account sharing (0.6%).

What is the Primary Motive Behind Insider Threats?

Fortinet, 2019

• Fraud is the primary motive behind insider threats, accounting for 55% of incidents. This is followed by monetary gain (49%), and IP theft (44%).

Are Insider Threats Becoming More Frequent?

Cybersecurity Insiders, 2020

• 68% of organizations have observed that insider attacks have become more frequent over the last 12 months.

ObserveIT, 2020

• Since 2018, we’ve seen a 47% increase in cybersecurity incidents.

Shey, 2020

• Insider threats are predicted to increase by 8% in 2021.

Why are Companies Struggling to Detect Insider Threats?

Cybersecurity Insiders, 2020

• 59% of organizations believe that the reason why it is harder to detect insider threats than external threats is because insiders already have legitimate access to the network.
• 50% believe that increased use of applications that can be used to leak data is the main reason why insider threats are difficult to prevent.
• 47% believe that the increased amount of data they store is widening the attack surface, and thus increasing the likelihood of insider threats.
• 53% of companies said the transition to cloud computing has made it harder to detect insider attacks.

What is the Cost of Insider Threats?

ObserveIT, 2020

• The average annual cost of insider threats has increased by 31% over the last two years – currently standing at $11.45 million.
• Incidents caused by negligent employees cost organizations around $307,000 per incident.
• Incidents caused by malicious employees cost organizations around $756,000 per incident.
• Incidents caused by credential theft cost organizations around $871,000 per incident.
• Organizations with more than 75,000 employees have spent an average of $17.92 million over the past year.
• Organizations with less than 500 employees have spent an average of $7.68 million over the past year.

Cybersecurity Insiders, 2020

• 50% of companies say that the true cost of a major security breach is less than $100,000.
• 34% of companies believe that the true cost of a major security breach is between $100,000 and $500,000.

IBM, 2020

• Organizations in the USA experienced the highest average annual cost of insider threats at $13.3 million. Followed by the Middle East at $11.65 million. Europe’s cost amounted to $9.82 million, while Asia-Pacific totalled $7.89 million.
• The financial services sector spent the most on insider threat prevention measures ($14.50 million).
• The technology and software sector spent $12.31 million and $12.30 million respectively.
• The use of user behavior analytics (UBA) solutions saved companies approximately $3.4 million.
• A strong privileged access management (PAM) strategy saved companies $3.1 million.
• User training and awareness saved companies approximately $3 million.

What is the Current State of Insider Threat Prevention?

Cybersecurity Insiders, 2020

• 68% of companies feel extremely to moderately vulnerable to insider attacks.
• 78% of companies believe they have very effective processes in place for managing access privileges.
• 52% of companies agree that it’s harder to detect insider threats than external threats.
• 86% of organizations say they find it moderately difficult to very difficult to determine the actual damage of an insider attack.

AT&T (date unknown)

• Only 42% of companies have the appropriate controls in place to prevent insider attacks.

Bitglass, 2020

• 82% of organizations are not able to detect insider threats from personal devices used by their employees.

What are Companies Doing to Protect Themselves Against Insider Threats?

Cybersecurity Insiders, 2020

• 61% or organizations are focusing on deterrence.
• 60% are focusing on the detection of internal threats.
• 45% are focusing on analysis and post-breach forensics.

IBM, 2020

• 55% of companies are deploying security awareness training.
• 54% are focusing on data loss prevention.
• 50% are focusing on user behavior analytics (UBA).

How Does Lepide Help to Prevent Insider Threats?

As mentioned above, 60% of organizations are focusing their attention on detecting insider threats. This is obviously a positive course of action, and the Lepide Data Security Platform is designed to do just that.

Lepide Data Security Platform will monitor your privileged accounts, as well as detect and respond to anomalous file and folder activity. Anytime documents containing sensitive data are accessed, moved, modified or removed, and alert is sent to the administrator, which they can check to see if the performed actions were legitimate.

Lepide Data Security Platform also provides a number of additional features, including automated data discovery and classification, inactive user account management, threshold alerting, and more. LDSP can also aggregate event logs from multiple platforms, including most popular cloud platforms.

If you’d like to see how the Lepide Data Security Platform can help give you more visibility over your sensitive data and protect you against insider threats, schedule a demo with one of our engineers or start your free trial today.