Insider threat statistics
10.08.2019Back to blog list
A company having its secrets and confidential information stolen, its funds robbed, or damage caused to it is an ever-present threat that companies may take appropriate measures to avoid. However, employees are biggest threat to data security, since people can have all kinds of motivations. Although they do not account for the majority of cases, insider incidents cause the greatest amount of losses to companies. It is much harder to gain access to the inside of a network than people would be led to believe, but they can easily be tricked to do the bidding of a third-party scammer. Furthermore, employees do in fact elect to commit crime on a rather frequent basis.
The problem is so common that it has even led the US government to set up a whole new agency to combat the problem – the National Insider Threat Task Force (NITTF). The task force publishes information for corporations to help render them more secure. Given the harsh punishments an insider would face for such an attack, it is hard to imagine what the motivation would be. The most common causes are money, ego, their personal principles, or being forced. The insider threat trends are always changing and thus companies offer services in gathering the history of all such cases worldwide and inferring potential outcomes based on patterns.
Insider threat statistics show that the average amount of time for an insider crime to be detected is over half a year. This is a testament to how little effective means for detecting insider abuse have been thus far. The average amount of losses for each incident is over half a million dollars and is rising every year. Often times, the employee may not even be aware that he has leaked information to a malicious outside party. This is a common tactic that outside criminals use, often pretending to be another employee or philanthropic organization to acquire sensitive information. Indeed, phishing is the cause of 20% of insider-initiated incidents. Furthermore, another shocking statistic is that as many as 43 percent of companies have fallen victim to insider data theft in the past year. To compound this, a surprising 51% of companies respond that they do not have a plan for dealing with insider threats in the event that they do arise.
Sign up for a free trial
More often than not, however, employees causing losses to their companies due so out of carelessness and negligence. That is why developing a very specific company policy and training people as much as possible to comply with them is of the utmost importance. It also helps to promote a culture of anti-corruption to have a positive, enthusiastic atmosphere at the company. Nevertheless, bribes, greed, and being unhappy with the company often lead employees to choose actions that harm the company, some doing so specifically for that purpose. This is why a company needs to have a plan for dealing with these types of situations. An insider threat program developed by a third-party will most likely save a company a lot of money in the long run.