SoftActivity

31 Insider Threat Stats You Need To Know In 2021

Insider threats are present in companies all over the world. If you have any type of valuable information and you work with other people, then your company could fall victim to an insider threat. 

As this article will show you, insider threats can be extremely damaging. 

You may have a disgruntled employee who leaves your company and takes their credentials with them. If you fail to decommission those credentials, you are leaving yourself vulnerable to these attacks. 

In some ways insider threats are preventable. An employee monitoring software can be added as a line of defense against these devastating attacks. 

No matter what, you don’t want them to happen to your company. There are a number of ways that an insider threat can pounce, and these stats might surprise you!

What are Insider Threats Exactly?

Insider threats are those that stem from insiders, or anyone with access to the internal workings of a company. 

An insider can range from the person who cleans the toilets to your business partners and paid employees. That’s why business owners need to be careful when it comes to keeping their company safe. 

If you work with a partner, third-party, or another business (like in a B2B relationship), then you need to put safeguards in place so that an insider attack doesn’t happen to you!

Note that there are two kinds of insider attacks: a malicious insider and a negligent one. A negligent insider might leave their computer unlocked when they go to the bathroom. During that time, someone could come by and snap some pictures or take valuable information off of the computer.

Malicious insiders are the opposite—they use their company access against that company. It might be for malicious gain or financial gain. No matter what, their access can ruin any size company, or cost them thousands of dollars.

The 31 Insider Threat Statistics You Need to Know in 2021

Don’t let these insider threat statistics catch you off guard: 

  • Insider threats affect over 34% of businesses globally every year.
  • 66% of companies think that insider attacks are more likely to happen.
  • Insider incidents have increased by 47% over the last two years
  • In 2020, insider threats due to credential theft cost $27.9 million. 
  • Trusted business partners account for 15 to 25% of insider threat incidents. 
  • The majority of businesses (55%) are using some tool to monitor for insider threats; including data leak prevention (DLP) software (54%), user behavior analytics (UBA) software (50%), and employee monitoring and surveillance (47%).

Jaw-Dropping Insider Threat Trends

Those who are aware of cybersecurity know that insider threats are extremely prevalent, mainly because insiders have more access to sensitive company data compared to external malicious actors. 

Still, insider threat protection is an underestimated area of security. Recent industry changes have seen a rise in insider attacks, so it’s imperative that you pay attention to the internal security of your company!

We’ve taken the time to gather over 31 insider threat statistics that you need to pay attention to in 2021. 

These stats suggest that every business needs to invest heavily in security threat protection and employee monitoring to keep insider attacks at bay.

1. It will take an average of 197 days to identify a data breach and another 77 days to recover from one.

(Source: IBM)

Identifying a data breach not only involves stopping production but locating the source of the breach and mitigating it. This is one of the many reasons that insider threat protection and mitigation are so important. 

2. In 2021, expect to see cyber threats rise by 8%.

(Source: IT Portal)

A third of these threats will be internal to a company! 

Now that more businesses are moving to remote workers, the risk of online attacks by infiltrating a weak personal firewall has grown. 

Now more than ever, employees are plugging into unknown devices, unprotected devices, and devices on the Internet of Things. These hidden endpoints are ripe with vulnerabilities waiting to be taken advantage of. 

3. Credential threats are increasingly expensive, costing organizations upwards of $871,000 per incident.

(Source: Observe IT)

A large portion of insider threats are credential threats, and they are increasing every year. Credential threats are when an insider’s (i.e., worker, manager, or contractor) credentials are stolen. 

This is, most often, accidental. An employee might share their login details with a hacker on a website that looks legitimate when really it is not!

4. In the past two years, insider threats have jumped by 47%.

(Source: Panda Security)

From 2018 to 2020, insider attacks went from 3,200 to 4,700 per year. That’s almost 50% or half the occurrence of 2018 alone. 

This is a clear indication that insider threats, either due to malicious associates, employees, or errors are trending upwards. 

The frequency of insider attacks means that 60% more organizations are experiencing 30 insider attacks (in each year). 

5. Two of three insider threat incidents are caused by negligence.

(Source: Observe IT)

While we might often think of the malicious employee hacking into a company, most insider threats actually come from negligence.

6. Privileged users represent the greatest insider threats risk.

(Source: Observe IT)

55% of organizations agree that privileged users, those who have the most access to a company, present the greatest risk. 

Employee monitoring software is one of the primary ways to mitigate these risks. 

7. 70% of organizations are seeing insider attacks more frequently.

(Source: Security Round Table)

With insider threats on the rise over the last two years, more companies moving to online environments, and small businesses still not believing the risks of insider threats, these attacks are more likely to occur and to occur more often!

Insider threats can also lead to data breaches. IT professionals need to deploy insider threat awareness to help stop these attacks. 

8. 68% of organizations claim that they feel extremely vulnerable to frequent attacks.

(Source: Malware Bytes)

Only 1 in 10 organizations believe that their security needs are met. This means that there are vulnerabilities in businesses all over the world that are left exposed and could result in an insider attack or major data breach. 

9. 85% of organizations find it difficult to determine the damage of an insider attack.

(Source: Security Round Table)

A business that is able to identify an insider attack might not be able to understand the extent of the true damage. Downtime, lost customers, and lawsuits might cause more damage down the line. Things get worse the longer the attack goes on and if insider information was stolen. 

10. Over 34% of businesses globally are affected by insider threats annually.

(Source: Sisa Infosec)

One-third of businesses will be affected by an insider threat. You don’t want it to be you! If you collect any kind of sensitive data, then you need to deploy a comprehensive insider threat security plan. 

11. Many (70%) organizations are worried about unavoidable (accidental) data breaches.

(Source: Haystax)

You can do your very best to stop known attacks, but attacks from users who either unintentionally or accidentally allow malicious actors to gain access are difficult to track, hard to stop, and they can happen to anyone. 

These are the attacks that businesses are worried about. 

12. Major drivers of insider threats include fraud, monetary gains, and theft of intellectual properties.

(Source: Fortinet)

Fortinet surveyed IT professionals and found that fraud (55%), monetary gains (49%), and IP theft (44%) were the three biggest reasons why an insider threat attack occurred. 

Additionally, the survey reported that the finance department (41%), the customer success department (35%), and the research and development department (33%) were the most vulnerable.

13. Insider incidents were perpetrated by trusted business partners (15 to 25%) across all incident types and industry sectors.

(Source: Insights)

You trust business partners with sensitive information. Unfortunately, they can still use their credentials for personal gain. Trusted business partners could fall victim to a negligent insider attack as well. 

The finance and insurance (38%) sector is often hardest hit, followed by the healthcare (18%), information technology (22%), the federal government (31%), state and local government (16%), and entertainment (30%) sectors. 

Insider Threat FAQs

Who causes insider attacks?

Insider attacks come from anyone who has been granted access to a company. The individual may be a worker, a contractor, or a third party. They may seem like a trusted individual and they may have your best interest at heart. 

The truth of trusting credentials to workers or business partners is that accidents do happen. Insider attacks can occur due to negligent employees, accidents (like downloading malware), or malicious actors. 

What percentage of attacks were insider threats?

Insider threats make up a large majority (60%) of cyber attacks in 2021, and these are expected to grow. Insiders can contribute to data breaches as well, so it may be hard to know how devastating they truly are. 

What is an example of an insider threat?

Mr. Chung was an engineer at Rockwell and then he later moved to Boeing. 

Between the years 1976 and 2006, he managed to use his security clearance to steal information on US military and space programs. He traded those secrets with China for a financial sum. Eventually, he was caught!

Another great example is that of a Facebook employee who used their credentials to stalk women online. The perpetrator was eventually caught and fired.

What impact could insider threats have on your company?

Insider threat statistics clearly show us that these threats can cause extenuating damage. The engineer Mr. Chung is a great example of this. Mr. Chung managed to steal state secrets through his work as an engineer. He then sold them to a military rival with the US. These could have more than devastating effects. 

Mr. Chung’s stealing went on for 19 years before he was caught!

While you may not be a company that creates highly classified government machines, your information is still valuable and your customers trust their data with your business. Insider threats could risk the integrity of your entire company. 

Insider Threat Data Breach Statistics

As we move online, businesses are experiencing more attacks than ever before. Here are insider threat data breach statistics: 

14. Phishing attacks are still causing 67% of accidental insider threats.

(Source: US Cybersecurity)

Phishing attacks are one of the oldest ways for hackers to penetrate a company network. They are extremely effective and frequently used. Phishing attacks often occur in the form of emails that aim to trick users into clicking on a corrupt file and downloading it, or clicking on recognizable links like calendar invites.

Once the malware is on the company computer, it can download keystroke logging details and gain more sensitive information. 

15. 94% of malware comes from emails.

(Source: CSO Online)

Your employees might accidentally download malware. Malware is perhaps the most successful form of cyberattack. This is because it can transfer via email or local networks, and it can even be forwarded. It spreads throughout a company through apps, websites, and networks. 

16. US Companies experience over 2,500 internal security breaches daily.

(Source: IS Decisions)

A recent survey revealed that only one in five IT professionals consider insider threats to be a real concern. Accordingly, 39% of organizations have a team capable enough to implement information and cybersecurity. 

This might explain why so many US businesses experience insider attacks and at such a high frequency. Employees, employers, and IT personnel all struggle to follow security protocols, even if they are implemented correctly. 

17. 60% of data breaches were from insiders in 2020.

(Source: ID Watchdog)

As we know, insider threats occur often. However, this statistic also suggests that 60% of data breaches are actually the cause of insiders. 

In 2020, six out of ten data breaches came from insiders, a growth from 47% in 2018. 

Unfortunately, business owners need to be looking to all sides to limit potential risks.

The Cost of Insider Threats for Organizations

Whether it is in resolving a threat or trying to prevent one, the cost of insider threats is ever increasing.

18. Compared to smaller organizations, larger organizations spend $10.24 million more on insider threat cases.

(Source: Observe IT)

Naturally, larger organizations often have a lot more data and networks to deal with. If they experience an attack, then they will likely have to spend more money to find it, mitigate it, and then recover. 

Large organizations with workforces over 75,000 spent an average of $17.92 million on insider threats alone, whereas smaller organizations (500 or less) spent $7.68 million on the same cause.

19. Global spending on security will exceed $54 billion by the end of the year.

(Source: Statista)

Spending on threat mitigation (including tools, software, and training) will grow to over $54 billion by the end of 2021. This is approximately $23 billion more (on average, each year) since 2017.

A large portion of the funds will secure cloud solutions since these are primary drivers for vulnerabilities and are still rather new to companies. 

20. Insider attacks that take a long time to resolve cost $6.58 million more than those that are resolved quickly. 

(Source: Panda Security)

Attacks are becoming more sophisticated. With data unable to be accessed and companies needing to shut down to mitigate the threat, attacks cost businesses a lot of money. 

The longer it takes, the more money it will cost you. Incidents that take longer than 90 days to resolve cost an average of $13.7 million per year. Those that last less than 30 days cost an average of $7.12 million.

21. In the last 3 years, spending on insider threats has increased by more than 60%.

(Source: Observe IT)

The primary spenders behind security measures are investigation and detection. 

Soon, insider threat protection budgets may equal or exceed those of data breaches, in particular, because insiders are so difficult to catch!

22. The financial services industry has spent more money than any other sector in an attempt to stop insider threat attacks.

(Source: Globe News Wire)

The financial industry has loads of sensitive personally identifiable information (PII). So naturally, they have spent more than any other industry in protection. 

In the past two years, the financial service industry has spent an average of $14.3 million in attempts to prevent insider attacks.

What Makes Insider Attacks so Dangerous?

Insiders have privileged and often authorized access to the internal workings of your company. So not only would they more easily be able to access sensitive data, but they also know how to navigate the system. 

All it takes is one bad actor or one lazy employee, and a malicious attack could be happening to your organization’s network. 

Insider attacks are so dangerous because they are often hard to predict and difficult to stop. 

Top Insider Threat Actors

Earlier we said there were two types of insider threats, but we can further break down those demographics into workers and insiders. 

23. 67% of privileged IT users are a top insider threat actor.

(Source: Cybersecurity Insiders, 2020)

Insider attacks are so deadly because they often grant bad actors nearly immediate access to sensitive data. Well, it’s even worse if the bad actor is already a privileged user. 

24. 60% of insider threats are managers!

(Source: Bitglass, 2020)

The same thing goes for managers. You trust your managers to stay on top of your employees, and you would never expect them to steal your sensitive data. Managers seem to be in a position with more privileged access and a willingness to commit an insider attack. 

25. 57% of insider threat actors are contractors and consultants.

(Source: Bitglass, 2020)

Contractors and consultants might access parts of your system to do their job. Unfortunately, this gives them privileged knowledge of your company’s inner workings, and sometimes they get credentials too. 

Employee monitoring can alert you to the times when contractors or consultants are taking action when and where they shouldn’t be. 

26. 51% of insider threat actors are regular employees.

(Source: Bitglass, 2020)

Your employees don’t have to be super stealthy coders. They might also be an insider agent and work with malicious actors on the outside for financial gain. 

27. 68% of companies worry about negligent employees causing insider threat breaches.

(Source: AT&T Business)

Negligent employees might not follow the security protocol that you’ve laid out. If they ignore these protocols, they put the network at risk for a cyber attack. 

While negligent workers do not intend to cause any harm to a business, they might become the source of an insider threat incident! Their actions are capable of causing an insider security data breach. 

28. 61% of companies worry about malicious workers causing data breaches.

(Source: AT&T Business)

The majority of companies worry that an employee might come in with the intention to harm a business. This can very well be the case in high-risk companies, like banks and insurance agencies. 

Malicious workers do just that. Maybe they came in with that intent or it grew over time. No matter what, they attack your company for personal gain. 

29. 71% of companies are most worried about inadvertent data breaches.

(Source: AT&T Business)

Inadvertent data breaches might be the worst kind because they might not be anyone’s fault and are difficult to track. 

An inadvertent data breach could come from an insider or a malfunctioning system. Employees might follow the security policy to a tee and accidentally download malware or a virus onto the computer network. 

This places the whole system at risk; it’s natural that 71% of companies are worried about this risk. 

30. 52% of businesses agree that it’s harder to detect insider threats than external attacks.

(Source: Cybersecurity Insiders, 2020)

Insiders have credentials in your company, and they also know how your company works! This means that normal vulnerability testing protocols don’t fly. 

31. 55% of companies are using tools and activities to reduce insider threats, 54% of companies are using DLP software, 50% are using UBA software, and 47% use employee monitoring and surveillance.

(Source: IBM, 2020)

It’s clear that with how difficult it is to detect insiders and stop them, you need to have multiple protections in place. However, it seems like only half of companies are using at least one tool to reduce an insider threat. 

Protect Your Business Against Insider Threats

Insider threats should not be overlooked as they often pose more danger than data breaches. 

Because the frequency of insider threats is increasing, businesses need to arm themselves with the proper protections. 

Protective software like UBA software, DLP software, and employee monitoring will be a great line of defense. Of course, businesses should have firewalls, antivirus, and antimalware already in place!

What have you done to protect your business?

Sources:

Panda Security 

Observe IT 

Security Round Table 

Malware Bytes 

Sisa Infosec 

Haystax 

Fortinet 

Insights 

IS Decisions 

ID Watchdog 

Observe IT 

Globe News Wire 

US Cybersecurity 

CSO Online 

Statista 

IT Portal 

Observe IT

IBM 

Bitglass
AT&T Business

Cybersecurity Insiders

By SoftActivity Team

July 28th, 2021