31 Insider Threat Stats You Need To Know In 2024

Insider threats are present in companies all over the world. If you have any type of valuable information and you work with other people, then your company could fall victim to an insider threat. 

As this article will show you, insider threats can be extremely damaging. 

You may have a disgruntled employee who leaves your company and takes their credentials with them. If you fail to decommission those credentials, you are leaving yourself vulnerable to these attacks. 

In some ways insider threats are preventable. An employee monitoring software can be added as a line of defense against these devastating attacks. 

No matter what, you don’t want them to happen to your company. There are a number of ways that an insider threat can pounce, and these stats might surprise you!

What are Insider Threats Exactly?

Insider threats are those that stem from insiders, or anyone with access to the internal workings of a company. 

An insider can range from the person who cleans the toilets to your business partners and paid employees. That’s why business owners need to be careful when it comes to keeping their company safe. 

If you work with a partner, third-party, or another business (like in a B2B relationship), then you need to put safeguards in place so that an insider attack doesn’t happen to you!

Note that there are two kinds of insider attacks: a malicious insider and a negligent one. A negligent insider might leave their computer unlocked when they go to the bathroom. During that time, someone could come by and snap some pictures or take valuable information off of the computer.

Malicious insiders are the opposite—they use their company access against that company. It might be for malicious gain or financial gain. No matter what, their access can ruin any size company, or cost them thousands of dollars.

The 31 Insider Threat Statistics You Need to Know in 2024

Don’t let these insider threat statistics catch you off guard: 

  • Insider threats affect over 34% of businesses globally every year.
  • 66% of companies think that insider attacks are more likely to happen.
  • Insider incidents have increased by 47% over the last two years
  • In 2020, insider threats due to credential theft cost $27.9 million. 
  • Trusted business partners account for 15 to 25% of insider threat incidents. 
  • The majority of businesses (55%) are using some tool to monitor for insider threats; including data leak prevention (DLP) software (54%), user behavior analytics (UBA) software (50%), and employee monitoring and surveillance (47%).

Jaw-Dropping Insider Threat Trends

Those who are aware of cybersecurity know that insider threats are extremely prevalent, mainly because insiders have more access to sensitive company data compared to external malicious actors. 

Still, insider threat protection is an underestimated area of security. Recent industry changes have seen a rise in insider attacks, so it’s imperative that you pay attention to the internal security of your company!

We’ve taken the time to gather over 31 insider threat statistics that you need to pay attention to in 2024. 

These stats suggest that every business needs to invest heavily in security threat protection and employee monitoring to keep insider attacks at bay.

1. It will take an average of 197 days to identify a data breach and another 77 days to recover from one.

(Source: IBM)

Identifying a data breach involves stopping production and locating the source of the breach and mitigating it. This is one of the many reasons that insider threat protection and mitigation are so important. 

2. In 2021, 33% of companies had over 50% of their workloads in the cloud.

(Source: Cybersecurity Insiders)

Companies and organizations have rapidly migrated their workloads from data centers to the cloud. This trend has been accelerating especially during the COVID-19 pandemic.

3. Credential threats are increasingly expensive, costing organizations $871,000 per incident.

(Source: Observe IT)

A large portion of insider threats are credential threats, and they are increasing every year. Credential threats are when an insider’s (i.e., worker, manager, or contractor) credentials are stolen. 

This is, most often, accidental. An employee might share their login details with a hacker on a website that looks legitimate when it is not!

4. Insider threats have jumped by 47% in recent years.

(Source: Panda Security)

From 2018 to 2020, insider attacks went from 3,200 to 4,700 per year. That’s almost 50% or half the occurrence of 2018 alone. 

This clearly indicates that insider threats, either due to malicious associates, employees, or errors, are trending upwards. 

The frequency of insider attacks means that 60% more organizations are experiencing 30 insider attacks (each year). 

5. Two of three insider threat incidents are caused by negligence.

(Source: Observe IT)

While we might often think of malicious employee hacking into a company, most insider threats come from negligence.

6. Privileged users represent the greatest insider threat risk.

(Source: Observe IT)

55% of organizations agree that privileged users, those with the most access to a company, present the greatest risk. 

Employee monitoring software is one of the primary ways to mitigate these risks. 

7. 70% of organizations are seeing insider attacks more frequently.

(Source: Security Round Table)

With insider threats on the rise over the last two years, more companies moving to online environments, and small businesses still not believing the risks of insider threats, these attacks are more likely to occur and to occur more often!

Insider threats can also lead to data breaches. IT professionals need to deploy insider threat awareness to help stop these attacks. 

8. 68% of organizations claim they feel extremely vulnerable to frequent attacks.

(Source: Malware Bytes)

Only 1 in 10 organizations believe that their security needs are met. This means that there are vulnerabilities in businesses worldwide that are left exposed and could result in an insider attack or major data breach. 

9. 85% of organizations find it difficult to determine the damage of an insider attack.

(Source: Security Round Table)

A business that can identify an insider attack might not be able to understand the extent of the true damage. Downtime, lost customers, and lawsuits might cause more damage. Things get worse the longer the attack goes on and if insider information is stolen. 

10. Over 34% of businesses globally are affected by insider threats annually.

(Source: Sisa Infosec)

One-third of businesses will be affected by an insider threat. You don’t want it to be you! If you collect any kind of sensitive data, then you need to deploy a comprehensive insider threat security plan. 

11. Many (70%) organizations are worried about unavoidable (accidental) data breaches.

(Source: Haystax)

You can do your very best to stop known attacks, but attacks from users who either unintentionally or accidentally allow malicious actors to gain access are difficult to track, hard to stop, and they can happen to anyone. 

These are the attacks that businesses are worried about. 

12. Major drivers of insider threats include fraud, monetary gains, and theft of intellectual property.

(Source: Fortinet)

Fortinet surveyed IT professionals and found that fraud (55%), monetary gains (49%), and IP theft (44%) were the three biggest reasons why an insider threat attack occurred. 

Additionally, the survey reported that the finance department (41%), the customer success department (35%), and the research and development department (33%) were the most vulnerable.

13. Insider incidents are perpetrated by trusted business partners (15 to 25%) across all incident types and industry sectors.

(Source: Insights)

You trust business partners with sensitive information. Unfortunately, they can still use their credentials for personal gain. Trusted business partners could fall victim to a negligent insider attack as well. 

The finance and insurance (38%) sector is often hardest hit, followed by the healthcare (18%), information technology (22%), the federal government (31%), state and local government (16%), and entertainment (30%) sectors. 

Top Insider Threat Stats to Look for in 2024

As with all cybersecurity threats, insider threat stats continue to grow in 2024. Here are the top reported threats to help you prepare for this upcoming year:

  • US businesses encounter 2,500 internal security breaches daily (Techjury)
  • Insider threat cost in 2022 was $15.38 million (Techjury)
  • Most insider threat attacks (still) occur due to human error (Techjury)
  • More than half of businesses experienced an insider threat in 2022 (YahooFinance)
  • Insider threats will rise in 2023 (Security Informed)
  • The cost of an insider threat attack rose from $11.4 to $15.3 million between 2020 and 2020 (Security Informed) 

Insider Threat FAQs

Who causes insider attacks?

Insider attacks come from anyone who has been granted access to a company. The individual may be a worker, a contractor, or a third party. They may seem like a trusted individual and they may have your best interest at heart. 

The truth of trusting credentials to workers or business partners is that accidents do happen. Insider attacks can occur due to negligent employees, accidents (like downloading malware), or malicious actors. 

What percentage of attacks were insider threats?

Insider threats make up a large majority (60%) of cyber attacks in 2021, and these are expected to grow. Insiders can contribute to data breaches as well, so it may be hard to know how devastating they truly are. 

What is an example of an insider threat?

Mr. Chung was an engineer at Rockwell and then he later moved to Boeing. 

Between the years 1976 and 2006, he managed to use his security clearance to steal information on US military and space programs. He traded those secrets with China for a financial sum. Eventually, he was caught!

Another great example is that of a Facebook employee who used their credentials to stalk women online. The perpetrator was eventually caught and fired.

What impact could insider threats have on your company?

Insider threat statistics clearly show us that these threats can cause extenuating damage. The engineer Mr. Chung is a great example of this. Mr. Chung managed to steal state secrets through his work as an engineer. He then sold them to a military rival with the US. These could have more than devastating effects. 

Mr. Chung’s stealing went on for 19 years before he was caught!

While you may not be a company that creates highly classified government machines, your information is still valuable and your customers trust their data with your business. Insider threats could risk the integrity of your entire company. 

Insider Threat Data Breach Statistics

As we move online, businesses are experiencing more attacks than ever before. Here are insider threat data breach statistics: 

14. Phishing attacks are still causing 67% of accidental insider threats.

(Source: US Cybersecurity)

Phishing attacks are one of the oldest ways for hackers to penetrate a company network. They are extremely effective and frequently used. Phishing attacks often occur in emails that aim to trick users into clicking on a corrupt file and downloading it or clicking on recognizable links like calendar invites.

Once the malware is on the company computer, it can download keystroke logging details and gain more sensitive information. 

15. 94% of malware comes from emails.

(Source: CSO Online)

Your employees might accidentally download malware. Malware is perhaps the most successful form of cyberattack. This is because it can transfer via email or local networks and even be forwarded. It spreads throughout a company through apps, websites, and networks. 

16. US Companies experience over 2,500 internal security breaches daily.

(Source: IS Decisions)

A recent survey revealed that only one in five IT professionals consider insider threats a real concern. Accordingly, 39% of organizations have a team capable enough to implement information and cybersecurity. 

This might explain why so many US businesses experience insider attacks at such a high frequency. Employees, employers, and IT personnel struggle to follow security protocols, even if they are implemented correctly. 

17. When asked about the biggest security threats, 59% of organizations said it was the exfiltration of sensitive data, and 36% were concerned about malicious insiders.

(Source: Cybersecurity Insiders)

As we know, insider threats occur often. This statistic shows that they certainly present a threat to organizations and companies.

The Cost of Insider Threats for Organizations

Whether it is in resolving a threat or trying to prevent one, the cost of insider threats is ever increasing.

18. Compared to smaller organizations, larger organizations spend $10.24 million more on insider threat cases.

(Source: Observe IT)

Naturally, larger organizations often have more data and networks to deal with. If they experience an attack, they will likely have to spend more money to find, mitigate, and recover. 

Large organizations with workforces over 75,000 spent an average of $17.92 million on insider threats alone, whereas smaller organizations (500 or less) spent $7.68 million on the same cause.

19. Global spending on security exceeded $54 billion by the end of 2021.

(Source: Statista)

Spending on threat mitigation (including tools, software, and training) grew to over $54 billion by the end of 2021. This is approximately $23 billion more (on average, each year) since 2017.

A large portion of the funds will secure cloud solutions since these are primary vulnerability drivers and are still new to companies. 

20. Insider attacks that take a long time to resolve cost $6.58 million more than those that are resolved quickly. 

(Source: Panda Security)

Attacks are becoming more sophisticated. With data unable to be accessed and companies needing to shut down to mitigate the threat, attacks cost businesses a lot of money. 

The longer it takes, the more money it will cost you. Incidents that take more than 90 days to resolve cost an average of $13.7 million annually. Those that last less than 30 days cost an average of $7.12 million.

21. Spending on insider threats has increased by more than 60% since 2020.

(Source: Observe IT)

The primary spenders behind security measures are investigation and detection. 

Soon, insider threat protection budgets may equal or exceed those of data breaches, in particular, because insiders are so difficult to catch!

22. Careless insider threats account for 62% of data breaches, according to Ponemon.

(Source: Proofpoint)

Malicious employee activity can result in insider threats. However, that’s not always the case. Employees sometimes make honest mistakes.

What Makes Insider Attacks so Dangerous?

Insiders have privileged and often authorized access to the internal workings of your company. So not only would they more easily be able to access sensitive data, but they also know how to navigate the system. 

All it takes is one bad actor or one lazy employee, and a malicious attack could be happening to your organization’s network. 

Insider attacks are so dangerous because they are often hard to predict and difficult to stop. 

Top Insider Threat Actors

Earlier we said there were two types of insider threats, but we can further break down those demographics into workers and insiders. 

23. 67% of privileged IT users are a top insider threat actors.

(Source: Cybersecurity Insiders, 2020)

Insider attacks are deadly because they often grant bad actors immediate access to sensitive data. Well, it’s worse if the bad actor is already a privileged user. 

24. Cybersecurity industry is expected to reach $60 billion in 2021 due to the COVID-19 pandemic.

(Source: Statista)

Since the COVID-19 outbreak, many companies have sent their workers to their home offices. This created new vulnerabilities in the IT world and impacted cybersecurity too.

25. 57% of insider threat actors are contractors and consultants.

(Source: Bitglass, 2020)

Contractors and consultants might access parts of your system to do their job. Unfortunately, this gives them privileged knowledge of your company’s inner workings, and sometimes they get credentials too. 

Employee monitoring can alert you when contractors or consultants are taking action when and where they shouldn’t be. 

26. According to Verizon, 85% of data breaches involve a human element.

(Source: Proofpoint)

This requires both employers and employees to think differently to implement the solutions to keep themselves safe.

27. 68% of companies worry about negligent employees causing insider threat breaches.

(Source: AT&T Business)

Negligent employees might not follow the security protocol that you’ve laid out. If they ignore these protocols, they put the network at risk for a cyber attack. 

While negligent workers do not intend to cause any harm to a business, they might become the source of an insider threat incident! Their actions are capable of causing an insider security data breach. 

28. 61% of companies worry about malicious workers causing data breaches.

(Source: AT&T Business)

The majority of companies worry that an employee might come in to harm a business. This can very well be the case in high-risk companies like banks and insurance agencies. 

Malicious workers do just that. Maybe they came in with that intent, or it grew over time. No matter what, they attack your company for personal gain. 

29. 71% of companies are most worried about inadvertent data breaches.

(Source: AT&T Business)

Inadvertent data breaches might be the worst because they might not be anyone’s fault and are difficult to track. 

An inadvertent data breach could come from an insider or a malfunctioning system. Employees might follow the security policy and accidentally download malware or a virus onto the computer network. 

This places the whole system at risk; naturally, 71% of companies are worried about this risk. 

30. Nearly 70% of employees polled in a survey said they recently received cybersecurity training. However, 61% of employees failed when asked to take a quiz on that topic.

(Source: SC Magazine)

This means that companies still need to train their employees because training is one of the best defence strategies against cyber attacks.  

31. 55% of companies use tools and activities to reduce insider threats, 54% use DLP software, 50% use UBA software, and 47% use employee monitoring and surveillance.

(Source: IBM, 2020)

It’s clear that with how difficult it is to detect insiders and stop them, you need multiple protections. However, it seems like only half of the companies are using at least one tool to reduce an insider threat.

Protect Your Business Against Insider Threats

Insider threats should not be overlooked as they often pose more danger than data breaches. 

Because the frequency of insider threats is increasing, businesses need to arm themselves with the proper protections. 

Protective software like UBA software, DLP software, and employee monitoring will be a great line of defense. Of course, businesses should have firewalls, antivirus, and antimalware already in place!

What have you done to protect your business?

By SoftActivity Team




Security Informed

Panda Security 

Observe IT 

Security Round Table 

Malware Bytes 

Sisa Infosec 




IS Decisions 

ID Watchdog 

Observe IT 

Globe News Wire 

US Cybersecurity 

CSO Online 


IT Portal 

Observe IT


AT&T Business

Cybersecurity Insiders

January 31st, 2023