top of page
  • awcollison8

Insider Risk: Data Theft and Data Breach

Updated: May 24, 2023

Mannequin sitting at a desk browsing a laptop

The risk of insiders stealing data or causing privacy breaches is a growing concern for many companies. Insider threats can come from current or former employees, contractors, or anyone accessing a company's systems and data. These threats can be intentional or unintentional and have significant consequences for the company, its customers, and its stakeholders. In this blog post, we'll explore some real-world examples of insider threats, the costs of these threats, and steps companies can take to mitigate the risk.

Shocking Statistics

Insider threats are rising, and companies must take them seriously. According to a study by IBM, human error is the main cause of 95% of cybersecurity breaches. Tenfold Security reports that 72% of departing employees admit to stealing company data, and 1 in 5 employees admit to using external cloud apps to share sensitive corporate. Insider threats can have significant costs for companies. According to the Ponemo

List of Data Breach happenings

n Institute, the average cost of an insider threat is $11.45 million per incident. These costs include direct costs like investigation, remediation, and legal fees, as well as indirect costs like loss of productivity, reputational damage, and regulatory fines.

Not All Are Intentional

While some insider threats are intentional, such as a malicious employee who steals data or destroys systems, not all are intentional. For example, employees may inadvertently put company data at risk by falling prey to phishing or email compromise scams. Phishing is a fraudulent attempt to obtain sensitive information such as login credentials or financial data by disguising it as a trustworthy entity in an electronic communication. This attack often uses email as a delivery mechanism and can trick employees into disclosing their login credentials to an attacker. Similarly, email compromise involves an attacker sending a convincing email impersonating an executive or vendor and requesting the recipient to make a payment or share sensitive information. These insider threats are not always intentional but can have significant consequences for an organization, including data breaches, financial losses, and reputational damage. An IBM report (below chart) indicates that Phishing attempts are costly and high in frequency. This data only reinforces why organizations need to implement adequate security awareness training programs to educate their employees about the risks of insider threats and how to avoid falling victim to them.

Scatter plot of Average cost and frequency of data breaches by initial attack vector

Mitigate Risk

In addition to the financial costs, insider threats can damage a company's reputation and erode customer trust. Companies need to take proactive steps to mitigate the risk. Here are five actions companies can take to reduce the risk of insider threats:

1. Implement access controls: Companies should limit access to sensitive data and systems to only those who need it to do their jobs. This can include using role-based access controls, two-factor authentication, and monitoring user activity.

2. Educate employees: Companies should provide regular training on security best practices and the risks of insider threats. This can help employees understand their role in protecting the company's data and systems. Such programs should educate employees on the potential consequences of mishandling sensitive information, highlight the importance of cybersecurity policies and procedures, and teach employees how to detect and report any suspicious activity. Training can also inform employees of the actions to identify exposure so they know you are watching them if they misbehave.

3. Monitor user activity: Companies should monitor user activity for unusual or suspicious behavior. This can include monitoring network traffic, user logins, and file access.

4. Conduct background checks: Companies should conduct thorough background checks on employees and contractors before granting them access to sensitive data or systems.

5. Implement a data loss prevention (DLP) solution: DLP solutions can help companies identify and prevent data exfiltration by insiders. These solutions can monitor data flows and block unauthorized transfers of sensitive data.


Insider threats are a real and growing risk for companies, particularly in the age of remote work and virtual teams. Companies must take proactive steps to mitigate this risk, including implementing access controls, educating employees, monitoring user activity, conducting background checks, and using DLP solutions. By following the recommendations outlined above, companies can significantly reduce the likelihood of an insider threat causing a data breach, ultimately saving the company from potentially significant financial and reputational damage.


bottom of page