An Inside Look at Insider Data Breaches

Back to Blog

An Inside Look at Insider Data Breaches

“It’s what’s on the inside that counts.” This common sentiment suggests that one should not focus on people’s outward appearance but rather what’s in their hearts and in their minds – what’s on the inside. MSPs could also apply this philosophy, with a slightly different twist, to cybersecurity.

For comprehensive data protection, MSPs must not only attend to their clients’ external threats but also the threats they face from the inside — their employees. Insider threats are some of the most common – and most overlooked – security risks. Often, internal data breaches are unintentional, the result of negligence or lack of knowledge about security best practices: weak passwords, lost devices, carelessly shared information, etc. Occasionally, employees also commit transgressions intentionally for personal gain.

Regardless of the reason, insider data security threats must be addressed to deliver full-spectrum IT security. And to accomplish that, MSPs need to know the ins and outs of insider security threats.

Survey Says…

The Egress 2020 Insider Data Breach Survey revealed that 97 percent of IT leaders are worried about insider breach risks and 78 percent felt employees accidentally put data at risk within a 12-month period. Ironically, 71 percent of employees felt they had not inadvertently shared company info.

Reasons for Risk

So, how are employees putting so much at risk? What acts are causing these breaches? The consensus among IT leaders (32 percent) points at sharing business data to personal devices. The growing number of remote workers is increasing the volume of personal devices in use in an already highly mobile business world. Even employees who have company-issued laptops often send and receive business emails on their personal cell phones or tablets. Unfortunately, most organizations don’t mandate security requirements or monitor these devices for potential risks.

Runner-up reasons for unintentional data leaks:

  • Lack of employee training – 24%
  • Lack of adequate security systems – 24%
  • Employees being in a rush – 21%

According to employees, accidental breaches on their part took place because:

  • 41% clicked on an infected link in a phishing email
  • 31% sent info to the wrong person
  • 14% responded to a phishing email
  • 8% didn’t know the info shouldn’t be shared
  • 4% felt there wasn’t a primary cause

IT leaders and employees also seem to hold different views on intentional security leaks. Only 18 percent of IT professionals felt that employees deliberately hijacked data to a new job. Yet, a whopping 46 percent of workers admitted they or a colleague purposefully confiscated company data when they resigned.

Another 25 percent of employees revealed that they knowingly risked data because their company hadn’t provided them with the tools to share it safely. However, only 11 percent of employees wished to cause deliberate harm.

What’s Most at Risk?

So, what are workers jeopardizing? The Egress survey found that employee information, including personal identifiers and salary information, was most vulnerable for both intentional and accidental breaches. Next in line was intellectual property and company data, including financial details, with consumer data coming in third.

Interestingly, IT leaders appear to be more concerned about financial loss from a breach rather than reputational damage – which in itself can trigger significant loss of revenue. For 2019, 27 percent feared the financial impact while 38 percent cited reputational ruin. But in 2020, finances soared to 41 percent and reputation slipped to 31 percent. Customer churn troubled only 12 percent of IT leaders in 2019 and 15 percent in 2020.

How Are Business Protecting Their Data?

Data security protocols can vary widely from business to business and even within each organization’s departments. Often, these methods are basic at best, as the Egress study reveals:

  • 50% use antivirus
  • 48% rely on email encryption
  • 47% use secure collaboration software
  • 46% employ anti-malware
  • 41% use static DLP

These methods are viable protections that work most effectively when used in conjunction. But even working together, they don’t provide absolute data security. These next stats provide more reasons why additional precautions, such as scanning, monitoring and regular reporting, need to be taken:

  • 59% of IT leaders rely on employees to report an accidental breach
  • 57% expect an employee to notify a superior of an intentional breach

That’s putting a great deal of trust in employees who may not even realize there was a mishap to report.

Trust but Verify

MSPs should educate their clients about insider risks and work with them to develop an exhaustive data security force that goes beyond firewalls and employee admissions. With so many potential threats that could emerge within the network, it may seem like a daunting task to keep up with them all and commit the time and resources needed to continually check up on these items.

Automated monitoring, internal threat detection and regular reporting can strengthen client security, alleviate the time and manual resources required to safeguard their data, and help them understand how to address related issues. Click here to learn about products such as Cyber Hawk that can help you meet your clients’ cybersecurity demands.



  1. State of Insider Data Breaches in State of Security, 2020
  2. Insider Data Breach Survey 2020, Egress, 2020