Insider Data Breaches Are Soaring. Here’s Why!


According to Forrester’s 2019 report, insiders commit 53 percent of all data breaches. A Ponemon report also discovered that the frequency of insider-related breaches surged by 47 percent in just two years, with 60 percent of organizations suffering more than 30 incidents each year.

What’s going on? Why this spike in insider data breaches? Are these internal threats more difficult to detect?

MSPs must understand this threat trend to better protect their clients, so let’s find out.

5 Reasons Insider Breaches Are on the Rise

1. Employee Permissions

More than 50 percent of organizations cite privileged users as their greatest insider threat. Of course, the people who possess the greatest access to data have more opportunity to compromise that data, whether intentionally or accidentally. Most often, the violation is inadvertent. But regardless of intent, a data breach is trickier to detect when the perpetrator has permissions. 

2. Businesses Want to Trust Employees

Trust is the cornerstone of any relationship and companies want to put their faith in their employees and business partners. But in their desire to trust, many organizations discount the importance of strict internal data security and assume a passive, after-the-fact approach. Many IT professionals even rely on employees to report an accidental breach, as we discussed in a previous blog that explores the latest statistics on insider threats. 

3. Companies Focus on External Threats 

With the trust conundrum mentioned above, businesses tend to focus on shielding their data against the collective external hacker and see cybersecurity as an exclusively external concern. But without proper safeguards, mishaps and negligence are just as harmful as malevolence. One distracted click on an infected link in a phishing email is all it takes to endanger data. 

Fifty-two percent of organizations surveyed by Gurucul and Cybersecurity Insiders confirmed that it is more challenging for them to detect and prevent insider threats than external cyberattacks.  

4. No Procedures in Place 

Because companies allocate most of their resources towards external attack protections, they fail to establish formidable internal security protocols, or they may feel that their external security will suffice to deal with insider threats. Unfortunately, the firewalls set up to bar outsiders are impotent against the dangers already present in the network through legitimately granted access.

Cybersecurity Insiders also discovered that 58 percent of businesses felt they could not effectively monitor, detect and respond to insider threats.

5. More People Have Access to More Data 

The more hands there are on the data, the more opportunity for mistakes and malice. A Fortune 1000 survey found that 37 percent of respondents felt that more people today – contractors, business partners and employees – have more access to an expanse of data. Cloud technology, coupled with an increasingly global workforce, serves as a significant contributor to increased access and threats.

Cloud technology broadens the scope for attacks, and many organizations have employees and business associates who span time zones and work outside regular business hours, making it difficult to detect deviant behavior. According to 56 percent of companies, detecting insider attacks has become harder since migrating to the cloud. Another 35 percent state that the increasing volume of network activity makes it harder to zero out normal behavior, challenging their ability to detect anomalies and prevent breaches.

Early Detection Is the Best Protection

Early detection of anomalous end-user behavior and suspicious login attempts is the best protection against internal breaches. However, many of these aren’t discovered for up to 77 days. According to the Ponemon Institute, incidents that took less than 30 days to resolve tallied a cost of about $7.12 million per year while those that took over 90 days cost $13.7 million on average per year.

In any case, waiting for employees to report breaches doesn’t bode well for early detection. Internal network traffic should be monitored continuously for anomalous behavior and other red flags. This is where automated detection software and user analytics can help. Regular, automated monitoring can catch threats that could easily slip past a human, particularly in large organizations.

Visit RapidFire Tools to learn more about products, such as Cyber Hawk, that can help you meet your clients’ cybersecurity demands.



  1. 20 Insider Threat Statistics to Look Out for in 2020, techjury, 2020
  2. 2020 Cost of Insider Threats: Global Report, Ponemon Institute, 2020
  3. Why are insider threats so difficult to detect?, IT Pro Portal, 2015
  4. 2020 Insider Threat Report, Cybersecurity Insiders, 2020
  5. Report: Organizations remains vulnerable to increasing insider threats, Malwarebytes Labs, 2019
  6. Insider Threats Get More Difficult to Detect, Dark Reading, 2013