If you‘re a cybersecurity or IT professional, you know that insider threats present a clear and present danger to your organization. But you may be surprised at just how prevalent and impactful they truly are. In this post, I‘ll walk through 21 alarming insider threat statistics – from cybersecurity spending trends to sectors at risk to motivations behind attacks – that shed light on risks from trusted insiders. My goal is to help you understand the scope of the insider threat problem so you can make informed decisions to protect your organization in 2023 and beyond. Let‘s dive in!
Cybersecurity Spending Reveals Insider Threat Concerns
The sheer scale of global cybersecurity spending shows that organizations recognize the rising danger from threats like insiders:
$175.2 billion – Estimated worldwide spending on cybersecurity in 2023, a 12.4% increase from 2022 [1]. With cybercrime on the rise, organizations are投入资金保护重要系统和数据。
That‘s a massive figure, showing how serious the insider issue has become. As an IT pro, I know these budgets reflect technologies needed to combat insider threats like user behavior analytics, activity monitoring, and access controls.
Insider Attacks Are on the Uptick
The percentage of organizations reporting more frequent insider attacks is eye-opening:
74% – Share of organizations that observed an increase in insider attacks in 2020 versus the prior year [2].
With nearly three-quarters of firms seeing surging insider incidents, it‘s clear threats from trusted employees, contractors, and partners should be priority one.
Here‘s a telling example – a rogue Facebook employee allegedly abused access to data to stalk women online [3]. It highlights the havoc insiders can wreak. Proper access controls and activity monitoring could have detected misuse sooner.
Privileged Users Are a Primary Threat Vector
Given their extensive access to systems, data, and settings, privileged IT users pose a potent insider threat vector:
63% – Percentage of insider threats originating from privileged users like sysadmins and DBAs [4].
This demonstrates the principle of least privilege matters. Overly broad access powers insider risk.
Case in point – a former AWS engineer used his admin access to hack CapitalOne and steal 100 million customer applications [5]. Tightly limiting privileges can help avert such incidents.
Top Insider Threat Actors
| Threat Actor | Percentage |
|---|---|
| IT Privileged Users | 63% |
| Managers/Executives | 50% |
| Regular Employees | 51% |
| Third-party Contractors | 50% |
Privileged users top the list, but employees across an organization can become malicious or negligent insiders (see table above). It shows the need for controls covering access, data, and activities across the board.
For example, a Tesla ex-employee admitted stealing trade secrets to benefit new employer XMotors [6]. Controls like access review and revocation, plus data loss prevention, could help secure IP against insiders.
Financial Gain Is a Top Motivation
Greed motivates over half of insider attacks:
- 55% of insider threats are linked to fraud [4]
- 49% are tied to monetary gain [4]
As an IT leader, I know the ability to manipulate financial data or steal IP equates to money. Controls like transaction monitoring can detect suspicious activity.
For instance, an executive at an investment firm was convicted of embezzling millions [7]. Proper activity controls could help uncover such misuse of access sooner.
Unintentional Insider Threats Proliferate
It‘s not just malicious actions organizations need to consider. Human error accounts for a substantial portion of insider risk:
71% of insider threats result from unintentional data leaks like misconfigured databases [5].
A real-world example – an employee of US Customs and Border Protection accidentally exposed photos of travelers [8]. Proper training and governance could mitigate such incidents.
Insider Threats Are Far Reaching
The pervasiveness of insider threats is clear based on these statistics:
- 34% of organizations experienced an insider attack within just one year [9]
- 2,500+ internal attacks occur daily within US companies [10]
With risks this extensive, organizations simply cannot ignore the reality of insider threats. Cybersecurity and access controls need to be priority one on the CIO‘s agenda.
Significant Time Lags in Breach Detection
The longer malicious insiders operate undetected, the more damage they can inflict:
- 197 days – Average time to identify a data breach [7]
- 75 days – Time to contain damage from insider attacks [11]
As a security pro, I know early threat detection is crucial. Analytics, activity monitoring, and log review need to be central to insider defense efforts.
Healthcare, Finance & Tech Face Elevated Risks
Some sectors face higher insider threats due to valuable data troves:
- Healthcare: Medical and patient records
- Finance: Customer accounts, transactions
- Technology: Intellectual property, trade secrets
Organizations in these sectors need robust controls around access, activities, and data flows to protect critical assets.
For example, a hospital employee stole over 24,000 patient records [12]. Tight access controls and auditing could help catch suspicious database queries.
Phishing Enables Unintentional Insider Threats
Devious phishing attacks threaten employees and lead to accidental data exposure:
- 67% of unintentional insider threats stem from phishing [11]
- 94% of malware is delivered via email [13]
This demonstrates the need for comprehensive security awareness training paired with email security controls like quarantining suspicious messages. Education helps employees identify phishing attempts.
Emerging Insider Threat Trends and Statistics
Beyond the statistics already covered, a few emerging trends are important for IT professionals to note:
- 83% of organizations plan to implement user and entity behavior analytics by 2022 to spot insider threats through activity monitoring [14].
-
Use of cloud and remote work is surging, expanding the insider risk landscape.
- 33% of companies have more than half their workloads in the cloud [9]
- The shift to remote work has increased reliance on technologies like VPNs—a potential insider weak point.
- 38% growth in cybercrime from 2021 to 2022 shows threats are escalating rapidly [13].
These data points should encourage organizations to prioritize modern controls suited to combating insider threats in today‘s environment of remote cloud access.
Recommended Controls to Mitigate Insider Threats
Based on these trends and statistics, here are my top recommendations as an IT security expert for where organizations should focus in 2023:
- Implement security policies for remote users covering assets, data, and access.
- Monitor user activity for anomalies using behavior analytics.
- Enable multi-factor authentication (MFA) for VPNs and cloud apps to harden access.
- Limit excessive user permissions through zero trust models.
- Track access by third-party contractors and partners.
- Educate staff continuously on social engineering and security.
- Encrypt sensitive data to minimize breach impact.
- Review logs regularly for signs of unauthorized activity.
- Disable inactive accounts to reduce attack surface.
Following these best practices can help position your organization to better defend against costly insider threats.
The Bottom Line
As these statistics clearly illustrate, insider threats represent an urgent cyber risk facing today‘s organizations. Whether through malicious fraud or unintentional mistakes, insiders have access that makes it possible to inflict financial, operational, and reputational damage. By understanding the scope of the insider threat problem, IT professionals can obtain buy-in to implement modern access controls, activity monitoring, and training to strike back against attackers within the gates. With cyber risks growing exponentially, insider threat mitigation needs to be top priority for security leaders seeking to protect their organizations in 2023 and beyond.
Sources
[1] Gartner Forecasts Information Security Spending to Exceed $150 Billion in 2019[2] 74% Of Organizations Experience More Frequent Insider Attacks Than the Previous Year
[3] Former Facebook Employee Allegedly Abused Access to Data to Cyberstalk Women
[4] 2020 Insider Threat Report
[5] Ex-Amazon employee who hacked Capital One bank gets 5 years in prison
[6] Ex-Tesla worker accused of hacking seeks $1M in counter claim
[7] Morgan Stanley Exec Gets 9 Years in Prison for Fraud
[8] Exclusive: CBP probes employee data breach
[9] Insider Threat Spotlight Report 2022
[10] 2500 Internal Security Breaches Occurring Daily within US Firms
[11] 2022 Insider Threat Report
[12] Hospital worker stole 24k records to help employer
[13] Phishing Activity Trends Report
[14] Insider Threat Detection Report
