Insider Threat Statistics: Malicious Intent or Ignorance?

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Insider threats are on the rise in Australia. An insider threat can be anyone in the organisation, and all it can take to cause business disruption is access to sensitive information.

There are several types of insider threats. It’s important to be aware of the different types of threats an organisation can face internally and externally. In these insider threat statistics, we highlight the potential threats an organisation can face.

Author’s Top Picks

  • IBM research found that the average annual cost of internal data breaches was USD 11.45 million, with 63% of the incidents attributed to negligence.
  • Over 34% of businesses globally are affected by insider threats annually.
  • The cost of the average insider incident is now more than AU $20M.
  • 77% of Australian CISOs say their organisation is unprepared to detect, deter and recover from a cyber attack.

Insider threat statistics

1. Threats can come from any level and from anyone with access to proprietary data. 25% of all security incidents involve insiders.

Anyone can be an insider threat in an organisation. There are several types including the malicious insider, the careless employee, or an external perpetrator. Organisations must implement strong information security practices that document user roles and account privileges to minimise the risk of fraud.

2. Recent insider threat statistics reveal that 69% say their organisations have experienced an attempted or successful threat or corruption of data in the last 12 months.

Insider threats have become rampant in the last couple of years. With remote work and hybrid positions, data breaches are easier to attempt when working from home because there is less supervision.

3. Inadvertent insider threats are the primary reason for the greater than 200% rise in the number of records breached in 2019 from 2018.

Inadvertent insider threats, also known as negligent or careless employees, are risks that organisations must monitor. These types of employees pose a significant risk because they can unknowingly breach corporate security policies or carelessly disclose sensitive data.

4. IBM research found that the average annual cost of internal data breaches was USD 11.45 million, with 63% of the incidents attributed to negligence.

One way a disgruntled employee could cause a data breach through negligent behaviour is by accidentally clicking on malicious links or downloading malware onto their devices. This will result in confidential information being disclosed to a possible imposter or scammer.

5. 90% of insider incidents are caused by goofs.

The “goof” can be defined as an ignorant or arrogant user who believes they are exempt from security policies. Typically they try to access sensitive data without requesting or asking for permission. They may abuse their access, for example by altering data or obfuscating network activity.

6. 90% of cyber attacks result from human error.

Human error is a major risk in work performance. Scammers who are targeting organisations can manipulate employees into providing confidential information. One strategy a scammer may use is tricking a careless employee into providing confidential details through phishing techniques.

7. Over 34% of businesses globally are affected by insider threats annually.

Insider threat incidents can cost organisations millions of dollars annually. Other than employees, an insider attack can come from ex-employees, contractors, vendors, business partners or an employee who is working with a supplier. Internal fraudulent activity can be difficult to detect and prevent in the workplace.

8. Insider threats cost organisations $15.4 million a year.

One form an insider threat can take is invoice falsification. An employee can commit fraud with a supplier by submitting duplicated or falsified invoices. Usually, these actions are motivated by financial gain.

9. The cost of the average insider incident is now more than AU $20M.

The Cost of Insider Threats Global Report found that insider threat incidents were occurring 44% more frequently in 2022 than in the previous year. Large organisations are likely to suffer a greater loss from internal fraud compared to SMEs.

10. The top 3 sectors where insider attacks occur are finance, insurance, and healthcare.

The finance and insurance industries are mostly targeted by internal and external threats. Scammers and insider threats understand that certain individuals have access to large amounts of money and sensitive information. The frequency of attacks is rising each year.

Insider threat data breach statistics

11. Insiders are involved in 57% of data breaches.

When it comes to protecting your intellectual property and networks from insider threats, there are several recommended best practices that you can follow to minimise the risk of fraud. For example, implementing data protection is great for organisations that are looking to control access to sensitive information and account privileges.

12. 20% of cybersecurity incidents and 15% of data breaches are due to misuse of privileges.

One way an employee can misuse sensitive data is by sending attachments of financial records to the wrong recipient. To combat this, organisations can implement verification tools to make sure the data being sent goes to the correct individual.

13. 25% of insider data theft involved stolen privileged user credentials.

One method a malicious insider can use to steal privileged user credentials is password cracking. This requires the employee to “guess” passwords to systems and accounts that they are trying to infiltrate. They often use phishing techniques to question individuals during conversations.

14. Privileged users that have access to sensitive information are the biggest threat to organisations. Consultants (60%) and contractors (57%), followed by regular employees (51%), rank highest.

Malicious employees are not the only type of threat when it comes to internal fraud. Essentially, anyone who has access to sensitive information can be a potential threat to an organisation. You must make cybersecurity a priority in the workplace to protect your business.

15. 70% of intellectual property theft occurs within 90 days before an employee’s resignation announcement.

Upon an employee’s resignation, managers fail to closely monitor the exit procedure. Employees may still have access to the organisation’s network or be able to access important files from work or personal devices. Accounts and permissions must be deactivated once an employee has departed.

16. 36% of external data breach actors in 2019 were involved in organised crime.

External data breach actors include third-party suppliers, vendors, contractors or an ex-employee. Verizon further points out that most cyber-espionage attacks begin with a successful phishing campaign. The more control you have over your data, the better you can manage risk.

17. Organisations with more than 60% of employees working remotely were more likely to cause a data breach compared to an in-office employee.

A work from home study by IBM and Morning Consult suggests that remote workers are more likely to use personal devices and unverified tools to carry out their job. Beyond unsecured devices, organisations face several other threats, such as unsecured Wi-Fi networks, transferring work files, and poor hygiene practices.

18. 77% of Australian CISOs say their organisation is unprepared to detect, deter and recover from a cyber attack.

According to Proofpoint’s Voice of the CISO 2022 report:

  • Australian organisations are less prepared for cybersecurity
  • Australian CISOs are less confident about their cyber security posture
  • Australian CISOs feel under increased pressure
  • Despite increased employee security awareness training, employees are still not adequately skilled in cyber defence.

Malicious insider attacks statistics

19. 43% of security incidents reported were caused by malicious insiders.

Incidents involving insider threats are driven by motivations including revenge, ego, coercion, ideology, espionage or financial gain. Methods of attack include stealing intellectual property, installing malware, hacking network systems or bypassing security.

20. The number one motivation for a malicious insider to carry out fraud is financial gain (64%), while espionage and fun tied for second place (17%).

It’s no surprise that malicious insiders are motivated by financial gain. In addition, Tessian states that their survey data shows that 45% of employees download, save, send or otherwise exfiltrate work-related documents. Whether employees are saving work for personal reasons or conducting fraudulent activity, you must monitor all data being transferred out of the organisation to reduce insider threats.

21. Malicious privileged users are known for using undetected tactics. 39% of malicious insider breaches weren’t investigated until they were discovered, which took months.

Some malicious insider threat indicators include accessing unusual resources that are not a part of their job function, accessing files or logging onto the organisation’s network at unusual times and using external data to transfer data.
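A sketch of how the first two indicators above (resources outside a user's job function, and access at unusual times) could be checked against access logs. This is an added example, not part of the original article; the log format, role-to-resource map, business hours and user names are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy for this example: resources each role needs, and business hours.
ROLE_RESOURCES = {
    "accounts_payable": {"invoices", "supplier_master"},
    "engineer": {"source_repo", "build_server"},
}
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 local time, Monday to Friday

# Constructed sample events: timestamp, user, role, resource accessed.
SAMPLE_LOG = """\
2023-03-06T10:15:00 alice accounts_payable invoices
2023-03-06T23:40:00 alice accounts_payable supplier_master
2023-03-07T11:05:00 bob engineer source_repo
2023-03-07T11:20:00 bob engineer payroll_db
2023-03-11T02:10:00 bob engineer payroll_db
2023-03-08T09:30:00 carol accounts_payable invoices
"""

def parse(log_text):
    """Yield (datetime, user, role, resource) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing their meaning
        ts, user, role, resource = parts
        yield datetime.fromisoformat(ts), user, role, resource

def flag_indicators(log_text):
    """Return {user: sorted list of indicator strings} for flagged users only."""
    findings = defaultdict(set)
    for ts, user, role, resource in parse(log_text):
        # Indicator 1: resource is not part of the user's job function.
        if resource not in ROLE_RESOURCES.get(role, set()):
            findings[user].add(f"outside_role:{resource}")
        # Indicator 2: access on a weekend or outside business hours.
        if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
            findings[user].add(f"off_hours:{ts.isoformat()}")
    return {user: sorted(items) for user, items in findings.items()}

def triage(findings):
    """Order users for review: those showing both indicator types come first."""
    def kinds(items):
        return {item.split(":", 1)[0] for item in items}
    return sorted(findings, key=lambda u: (-len(kinds(findings[u])), u))

if __name__ == "__main__":
    results = flag_indicators(SAMPLE_LOG)
    for user in triage(results):
        print(user, results[user])
```

A single off-hours login is weak evidence on its own; ranking users who show several indicator types together keeps the review queue short.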

22. Fewer admins are aware that half of all data breaches are traced back to a malicious insider, negligent employees or a compromised user.

Stopping malicious employees is a challenge for all organisations. However, applying a set of security solutions and preventative controls can minimise the risk. Four key components when it comes to mitigating the risk involve detection, prevention, response and recovery.

23. 1 in 3 organisations (35%) confirm they’ve suffered a ransomware attack by a malicious insider.

Some organisations are well equipped against dangers like spear-phishing and impersonation attacks. However, administrators have less experience when combating ransomware attacks.

24. 1 in 5 companies that suffered a malicious data breach were infiltrated due to stolen or compromised data (19%).

Other than stolen or compromised credentials, misconfigured cloud servers are another cause of malicious data breaches. This occurs when resources have not been configured properly, leaving systems vulnerable.

25. Breaches due to cloud misconfigurations increased the average cost of a breach by more than half a million dollars, to $4.41 million.

Organisations that use cloud-based accounting software or application programming interfaces (APIs) can face a high risk. This software can leave organisations vulnerable to insider attacks via cloud misconfigurations. The severity of a data breach is high because of the sensitive information an application can store, such as user credentials, email addresses and other confidential data.

Careless insider threat incidents statistics

26. 76% of Australian CISOs consider human error to be their biggest cyber vulnerability.

Careless insider threats, also known as the “pawn”, pose a security risk because of human error, poor judgement and decisions, or unintentional aiding. The employee involved may inattentively expose the organisation’s network.

27. The 2 most expensive forms of data breach were the result of skill-based errors.

Skill-based mistakes are a form of human error where a worker makes the wrong decision because of a slip or lapse. Another form of human error is a decision-based error. Human error plays a major part in cyber security breaches, and managers and team leaders should look to address these situations.

28. ASEAN and Italy had the highest percentage of data breaches caused by human error.

South Africa, the United Kingdom and Brazil were next on the list with the highest percentage of data breaches caused by human error, according to the IBM report. If we break down the data by industry, the entertainment, public sector and consumer industries had the highest percentage of data breaches from human error.

29. 52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.

When it comes to reducing human error, CFOs should consider the following strategies:

  • Investing in and implementing interactive cyber security training
  • Establishing regular audits
  • Promoting fraud awareness culture
  • Eliminating or simplifying complex tasks
  • Identifying situations where your employees are prone to human error
  • Establishing security protocols
  • Promoting insider threat awareness
  • Documenting an incident response

30. Organisations worry about employees sharing inappropriate data via mobile devices (47%), the physical loss of mobile devices (46%) and the use of inappropriate IT resources by employees (44%).

Managers must consider privacy and password-protected systems placed on mobile devices when sharing company data. External perpetrators are always adapting to new scam tactics that involve mobile devices, for example phishing text messages or spoofed emails.

31. In 40% of businesses around the world, employees hide an incident when it happens.

To ensure the safety of the business, communication and transparency are key components when discussing or addressing performance. Hiding an incident may lead to dramatic consequences. These cyber security breaches can cause further harm if not communicated to the right personnel.

32. C-level executives and human resources (79%) account for more than half of unstructured data risk, while finance and accounting (71%) pose more risk with structured data.

Bill Blake, president and chief commercial officer at Fasoo, comments on the cybersecurity matter: “data security strategies will evolve into a more comprehensive framework that includes discovering, classifying, protecting and monitoring any form of confidential data regardless of its location”. Who handles your data and where it is located should be documented in all organisational security policies.

33. 59% of respondents said they do not have visibility into their employees’ password practices such as the use of strong passwords and secure password sharing.

One action managers can take to protect their business is implementing multi-factor authentication (MFA). With MFA, knowing or cracking the password to an account is not enough for a scammer to gain access. The authentication method involves 2 or more security barriers including a PIN, Face ID/Fingerprint verification or receiving an email notification.

34. More than 50% of US companies’ sensitive data can be accessed via an employee’s mobile or tablet.

One way to secure sensitive data in mobile applications is by encrypting the app data, also known as ‘Application Layer Encryption’. When encryption occurs, data is encrypted across multiple layers (disk, file and database). Sensitive data can be secured before storing it either in storage or cloud environments.


An insider threat can be anyone in the organisation, as well as external perpetrators. It can include employees, executives, business partners, vendors, suppliers and ex-employees.

There are 3 main types of insider threats:

  • The malicious insider: Someone with account privileges who intentionally uses sensitive information to commit fraud for personal or financial incentives.
  • The careless employee: An individual who carelessly exposes the organisation’s network by clicking on malicious links, downloading malicious software or unknowingly disclosing confidential information.
  • External perpetrators: An outsider like an ex-employee, supplier or vendor can coerce an internal employee to commit fraud or disrupt the business’ network.

Some behavioural and digital indicators of insider threats include regularly working outside office hours, disorganised record keeping, requesting sensitive data that is not relevant to their job function, transferring intellectual property onto personal devices or consistently violating organisational policies.

There are many reasons why an insider can commit such offences. Their motivations vary including revenge, ideology, ego, coercion, financial gain or personal reasons. Data loss prevention and threat management procedures are critical for organisations to mitigate risks.
