Organizations spend billions to boost their cybersecurity profile against scams, attacks, and unauthorized access. However, the human element can invalidate even the most robust cybersecurity practices.
Of these human elements are insider threats. However, not all insider threats are malicious, even though they could all lead to disastrous ends.
So, we collected, analyzed, and interpreted research data across multiple demographics, industries, and years to curate an intriguing insight into insider threat statistics, facts, and trends.
Top 8 Insider Threat Statistics (Editor’s Pick)
- Insider threat incidents increased by 44% between 2020 and 2022.
- 42% of North American companies experienced malicious insider incidents in 2021.
- 14% of companies suffered 11 – 20 insider threat-related incidents in 2022.
- A Yahoo! senior employee downloaded over 500,000 pages of source code before quitting in 2023.
- Government-owned industries and institutions accounted for 11% of insider threat attacks in 2022.
- Insider threat incident escalation was the activity with the highest indirect cost in 2022.
- Negligent insiders caused 56% of insider threats to organizations in 2022.
- Fired employees were 23.1% likelier to have stolen sensitive company data a day before firing.
General Insider Threat Statistics
1. In 2022, 14% of surveyed organizations believed malicious insiders were their greatest threat.
This was a drop from the 35% of organizations with similar thoughts in 2021.
2. Over 3 in 10 brands believed malicious insiders were the second-greatest threat they faced in 2022.
In comparison, 29% of business respondents in 2021 believed the same, climbing to 31% in 2022.
3. 1 in 4 brands ranked malicious insiders as their top cybersecurity threat in 2022.
That represents a 3% climb from 22% of brands that held a similar opinion in 2021.
4. Brands were more worried about human error than malicious insiders in 2022.
Human errors, an unintentional insider threat, worried 38% of brands who called it their top threat. In 2021, 31% perceived human error as the greatest threat.
5. Insider threat incidents increased by 44% between 2020 and 2022.
About 4,716 insider threat events were detected in 2020, rising to 6,803 in 2022.
31% of all unauthorized access cases in Q1 2022 were attributed to insider threats. This number fell to 24% in Q2 2022 but rose to 35% in Q3 2022, beating the Q1 numbers.
7. 67% of companies suffered between 21 – 40+ insider threat incidents in 2022.
In 2018, only 58% of companies were subject to such a frequency of insider attacks. By 2020, the number reached 60%, soaring again in 2022.
8. 55% of organizations in 2022 were most concerned about insider threats from credentials theft.
Only 21% were concerned about insider threats from the negligent employee.
9. 64% of companies used Data Loss Prevention (DLP) technology to reduce insider threat costs in 2022.
This survey permitted multiple answers and showed that 60% of companies also used Privileged Access Management (PAM) systems, while 57% engaged User and Entity Behavior Analytics (UEBA) systems to the same effect.
10. 55% of a 2022 survey’s respondents believed in deploying automation to prevent and manage insider threats.
Another 54% were interested in using AI to detect, escalate, contain, remediate, and better manage insider threats in 2022 and beyond.
11. 43% of organizations using an insider threat management system were mandated by their customers/partners.
The 2022 data also shows that most companies using these systems (58%) suffered an insider attack in the past or learned of one in their industry. In second place were 45% of adopters who were mandated by their controlling boards to do so.
12. 44% of Singaporean IT professionals claimed no increase in insider threat incidents since the pandemic.
However, another 44% claimed these attacks have become more frequent.
On top of that, 5% of these professionals believed such incidents became more frequent in 2022.
13. 70% of IT professionals agreed that working from home increases the risk of insider threats.
According to 2022 data, 56% of surveyed Singaporean IT professionals agreed with this concept, with 14% agreeing strongly.
14. In 2022, 2.5% of employees stole company data at least once a month.
More employees (9.4%) stole data from their companies at least once in six months.
15. Dropbox was the most preferred data exfiltration avenue for malicious employees in 2022.
Of the 27.5% of malicious employee cases where stolen data was sent to cloud storage, 44.8% chose Dropbox. Google Drive came second, with 25.5% of these malicious insiders using it.
Insider Threat Demography Statistics
16. Larger organizations spent more to clean up insider threat attacks in 2022 than smaller firms.
Firms with over 75,000 global employees averaged $22.68 million in insider threat response and resolution. In comparison, brands with 500 employees or less worldwide spent $8.13 million.
17. 3 in 4 criminally-prosecuted insider threat attack types occurred from home in 2022.
42% of IT professionals in a separate 2022 study also believed data was less secure than before the pandemic.
18. North American companies spent more than average to deal with insider threats in 2022.
While the global average insider threat resolution cost $15.44 million in 2022, North American companies were shelling out $17.53 million (average) in the same year.
On average, companies in this region spent $11.9 million to resolve insider threat incidents. The closest were companies in the Middle East and African regions, paying $14.29 million on average.
20. 11% of Singaporean companies experienced an insider threat attack between 2021 – 2022.
37% of respondents to this study neither denied nor confirmed the claims, while 52% said they had not suffered any such attacks.
21. Over 9 in 10 Singaporean firms felt vulnerable to insider threat attacks in 2022.
Of these, 44% claimed to be slightly vulnerable, while 35% were moderately susceptible. While 10% reported not being vulnerable, another 11% admitted to being very vulnerable.
22. 8 in 10 Singaporean companies treated insider threats with the same severity as external cybersecurity threats.
As of 2022, only 20% of Singaporean brands did not think insider threats were as serious as external cyber-attacks.
23. 10% of Singapore-based companies did not think detecting an insider threat attack was harder.
90% of respondents to this 2022 survey claimed it was harder to detect insider threats than external security attacks.
24. Asians’ natural trusting nature could be a limiting factor to insider threat detection and management.
64% of surveyed Singaporean IT professionals claim Asians’ quickness to trust impacts the lack of insider threat awareness seriousness in their firms.
25. Only 29% of Singaporean companies proactively dealt with insider threat issues in 2022.
Another 30% dealt with the incident as it happened, while 5% would only address the issue if a legal obligation was involved. Additionally, 36% of these organizations addressed the issue AFTER a data breach occurred.
26. 33% of Latin American companies experienced malicious insider threat incidents in 2022.
This was higher than the global average of companies (29%) with a similar experience.
A breakdown of how frequently companies in each surveyed region encountered such attacks can be found below.
|Region||Share of Insider Threat Victims|
|Europe, Middle East, and Africa||27%|
27. Only about 1 in 3 EMEA companies experienced an unidentified malicious insider threat in 2022.
The 27% share of EMEA companies in this bracket was less than the 32% global average for such attacks. Every other region (North America – 33%; APAC – 33%; LATAM – 34%) experienced more than the global average incidents.
28. 42% of North American companies experienced malicious insider incidents in 2021.
This was the highest across a four-year (2019 – 2022) period. By 2022, only 28% of companies in the region reported such incidents.
29. Malicious employees were likeliest to exfiltrate stolen data to cloud storage in 2022.
Cloud storage was chosen as the preferred stolen data transfer/storage method in 27.5% of the cases. In 18.7% of the incidents, the threat actors sent the data to their webmail. Corporate mail was the chosen data transfer method in 14.4% of incidents.
30. Malicious insiders were Europe's fifth most prevalent attack vectors in 2021.
These threat actors made up 6% of the pie. They were behind other attack types highlighted below.
31. Over 5 in 10 pre-IPO companies made insider risk management a top concern in 2022.
Conversely, 32% of companies that were recently acquired/had a merger/had a divesture in the past 12 months also took insider risk management seriously.
Insider Threat Impact Statistics
32. Companies needed 85 days to contain an insider threat in 2022.
However, in 2020, they only needed 77 days to identify and control the threat.
33. 42% of observed insider threats in 2022 involved data or intellectual property theft.
Another 23% were accidental/unauthorized disclosures, while sabotage accounted for 19% of the cases. In another 9%, fraud was the main driver.
34. About 1 in 5 companies suffered 1 – 10 insider threat incidents in 2022.
28% of companies were in this situation in 2018, dropping to 25% in 2020.
Thus, more companies are suffering higher insider threat incidents.
As of 2020, 16% of companies experienced 11-20 insider threat incidents, down from 18% in 2018.
36. More companies experienced 21 – 40 insider threat incidents in 2022 compared to the previous four years.
31% of companies suffered 21 – 30 insider threat-related incidents, while 21% had a frequency of attack between 31 – 40 in the same year.
Here are how these numbers compare to the previous years.
|Year||Attack Frequency||Affected Companies|
|2018||21 – 30||26%|
|31 – 40||19%|
|2020||21 – 30||29%|
|31 – 40||19%|
|2022||21 – 30||31%|
|31 – 40||21%|
37. Only 35% of companies adopted an insider threat management program as a security best practice.
38% of companies in 2022 did it to meet industry standards and regulations.
38. About 12% of 6,800+ insider threat incidents in 2022 were contained in under 30 days.
However, it took 90 days or more to contain 34% of these incidents.
39. Over 8 in 10 organizations could not determine the impact of insider threat attacks they suffered.
In 2021, 82% of affected organizations did not have a framework to estimate the effect of the attacks.
40. 40% of insider threats in 2021 led to a critical data loss to the affected firm.
33% led to operational outages, while 26% of companies suffered brand damage due to the attack. A comprehensive impact distribution is presented in the table below.
|Critical data loss||40%|
41. Companies with higher threat/security awareness were less likely to suffer insider threats and attacks.
In 2022, only 22% of North American, APAC, LATAM, and EMEA companies with Level 4 threat maturity reported malicious insider incidents. In comparison, 28% of companies on Level 3 said the same, while 31% of Level 0-2 companies experienced such attacks.
42. Malicious insiders steal client/customer data in almost half of the threat cases.
44.6% of employees stole their company’s client/customer data.
Another 13.8% went for essential source code, while 8% stole personally identifying information.
43. An Apple engineer stole 24GB of sensitive data before quitting the company in 2018.
Xiaolang Zhang stole a 25-page document, a PDF containing schematics of Apple’s in-development car project, and other physical materials. Zhang AirDropped the files to his wife’s laptop after downloading them from Apple’s servers.
44. A Yahoo! senior employee downloaded over 500,000 pages of source code before quitting in 2023.
Qian Sang downloaded over 570,000 sensitive files related to Yahoo’s search engine and other properties after getting an offer from a competitor. These files were downloaded less than an hour after getting the new offer and transferred to TWO devices.
45. Malicious insider attack remediations stayed the same across 2020 and 2021.
Reports from an IT team showed 5% of remediated malicious insider attacks in 2020 and 2021.
46. About 1 in 10 attacks on industrial operational technology (OT) were from malicious insiders.
Malicious insiders, the same frequency as RAT attacks, instigated 9% of OT attacks in 2021.
Insider Threat Statistics by Industry
47. The cost of managing insider threats in the retail industry jumped 62% between 2020 and 2022.
It was the third largest sector by insider threat resolution spent in 2022, just behind financial and general services with its $16.56 million average.
48. The financial services sector paid $21.25 million on average to resolve insider threat incidents in 2022.
It was the largest sector by the average amount paid to resolve insider threats in the year. Likewise, its average spending jumped 47% from 2020 to 2022.
49. The services sector paid $18.65 million on average to resolve insider threat issues in 2022.
Thus, representing an unwelcome 52% increase to its 2020 numbers.
50. 38% of insider threats in tech industries involved intellectual property or data theft.
It was followed by the pharmaceutical industry, with 21% of attacks involving IP or data theft.
51. Government-owned industries and institutions accounted for 11% of insider threat attacks in 2022.
This puts the industry third, behind critical infrastructure (24%) and technology (33%).
52. The communications industry paid the least insider threat activity costs in 2022.
Companies in this industry averaged $7.53 million across containment, investigations, remediation, escalation, and other insider activity-related spending in 2022.
The five industries with the least insider activity incident-related spending in 2022 can be found in the table below.
|Industry||Insider Threat-Related Spending|
|Education & Research||$9.45 million|
|Entertainment & Media||$11.86 million|
|Health & Pharma.||$11.86 million|
53. Malicious insiders accounted for 13% of observed professional and business service attacks in 2021.
A 2021 threat incident report puts it as the third most prevalent attack type, behind ransomware (32%) and server access (19%) attacks.
54. 29% of cybersecurity attacks in the transportation industry were from malicious insiders.
This made it the top attack type in this industry for 2021.
55. Companies in the public sector were the most likely to have insider risk management systems in 2022.
84% of public sector companies had an active insider risk management system, followed by financial services (76%).
A breakdown of the top five industries with IRM implemented can be found below.
|Industry||% With IRM installed|
|Retail, distribution, and transport||74%|
|IT, tech, and telecoms||74%|
|Other commercial sectors||67%|
Insider Threat Financial Impact Statistics
56. The financial impact of insider threats grew by 34% between 2020 to 2022.
Cybersecurity events from insider threats averaged an $11.45 million annual cost in 2020. This number surged to $15.38 million by 2022.
57. Negligent insiders caused the overall costliest insider attacks on organizations in 2022.
Making up almost 6 in 10 insider threat attacks, negligent insiders cost businesses $6.6 million. In second place were credential insiders ($4.6 million), while malicious insiders ($4.1 million) rounded up the list.
58. Insider threat activity detection cost organizations $35,000 in 2022.
That was the least spending out of the average total insider threat response cost of $646,000. This total represented an 80% increment in insider threat response cost from 2016.
|Incident Response Stage||Cost|
|Investigation, escalation & response||$280,000|
|Containment, analysis & remediation||$331,000|
59. Insider threats contained in 30 days (or lesser) cost affected firms about $11.23 million.
This annualized 2022 cost of insider threat containment surged over 57% from $7.12 million in 2020.
60. Insider threat containment extending to 90 days or more costed companies over $17 million.
This 2022 data shows a 25% increase from the $13.71 million average annualized cost incurred to clean up insider threats over 90 days or more in 2020.
61. 23% of the cost of dealing with insider threats in 2022 was due to business disruptions.
This indirect cost included downtimes and loss of employee productivity.
Likewise, technology costs (deployed to resolve insider threats) accounted for 21% of the financial impact.
62. Companies with up to 10,000 employees spent less on insider threat resolutions than those with 5,000 employees.
In 2022, companies with 5,001 – 10,000 employees spent $16.43 million (average) to resolve insider threat issues. However, the average was $17.03 million for companies with 1,001 – 5,000 employees in the same reporting period.
63. Insider threat containment accounted for 29% of the threat’s management costs in 2022.
In insider threat resolution, the investigations aspect was the second most cost-intensive (20%), while incident response (19%) came third.
70% of the monitoring and surveillance budget is spent scanning corporate systems for insider threat behaviors. Only 30% of the costs in this department are indirect, accounting for time, effort, and other utilized resources.
65. Insider threat incident escalation was the activity with the highest indirect cost in 2022.
With a 32% direct cost, over half (68%) of this activity’s expenses cannot be measured in terms of spent money.
66. About 21% of companies' cybersecurity budgets in 2022 were directed toward insider risk management.
Likewise, 61% of 700 surveyed respondents claimed an active insider risk management program in their companies.
67. Firms in the public sector and finance spent more than others on insider risk management in 2022.
Establishments in the public sector spent 26% of their cybersecurity budget to mitigate insider threats. In contrast, finance-related firms shelled out 24% of their cybersecurity budgets, exceeding the global average (21%).
68. 73% of IT professionals in 2022 believed their companies had insufficient insider threat management budgets.
This was up from 66% in 2021. 65% of these professionals believed they would secure a bigger insider threat management budget in the coming year.
Insider Threat Statistics by Type
69. Negligent insiders caused 56% of insider threats to organizations in 2022.
Malicious insiders comprised 26% of the count, while credential insiders accounted for 18%.
70. Credential insiders caused more expensive cybersecurity attacks (per incident) in 2022.
Even though they accounted for just 18% of all insider threat attacks, they cost an average of $805,000 per incident. Malicious insiders were responsible for $648,000 per incident, while negligent insiders caused $485,000 in financial damage per incident.
71. Over 3 in 10 malicious insider attempts in 2022 used sophisticated techniques.
Across 32% of these attacks, 96% did not use ATT&CK techniques.
There was also a noticeable increase (43%) in adopting burner emails to perpetrate these attacks.
72. 74% of malicious insiders sent sensitive company information to third parties via email.
In 62% of cases, malicious insiders scanned the organization’s systems for vulnerabilities they could exploit. Third (60% of cases) were malicious insiders trying to access sensitive files they were not authorized for.
In 18% of the cases, a malicious outsider worked with an inside collaborator.
Another 23% of these cases involved malicious insiders stealing sensitive company data (such as intellectual property).
74. 20% of Singaporean IT professionals believed monitoring user behavior could help detect insider threats.
According to the 2022 survey, 46% believe such monitoring will only sometimes help, but not most of the time. Another 33% believed it would only help sometimes, while 1% did not believe in the efficacy of such monitoring.
75. 66% of IT professionals believed privileged accounts were the best places to check for insider threat incidents.
In a 2022 survey allowing multiple answers, 55% of IT pros would check documents and storage files instead.
The full breakdown of detection points and supporting professionals are shown in the table below.
|Detection Point||Supporting IT Pros|
|Documents and Storage||55%|
|Cloud Apps and Services||48%|
Other Insider Threat Statistics
76. Fired employees were 23.1% likelier to have stolen sensitive company data a day before firing.
A report in 2022 also showed employees were 1.09x as likely to steal sensitive company data on the day they were fired.
77. As of 2022, 98% of companies were concerned about insider risks.
Another 96% of companies in the same survey struggled to protect corporate data from insider risks.
78. Over 8 in 10 cybersecurity leaders believed insider risks and threats were discussed frequently in board meetings.
But just 61% of cybersecurity practitioners believed the same in 2022.
79. Almost 3 in 4 companies cannot estimate the level of insider risks from leaving employees.
71% of surveyed companies in 2022 struggled with how much data, intellectual property, and other company files employees take with them to other companies.
80. 91% of cybersecurity experts in 2022 believed their boards did not understand insider threats enough.
Similarly, 73% of respondents claimed insider risks remained a big issue within their organization.
81. 61% of companies claimed to have an insider risk management program in 2022.
However, 63% of these companies never measured the success of the program’s insider threat detections.
An Impostor Among Us?
Fishing out an insider is like playing Among Us in real life. However, remember that not all insiders are malicious actors.
Still, treat all insider threats with the same severity, considering that negligent insiders can cost your business up to $6.6 million.
That said, do not focus all your energy on insider threats, as they are just one of many cyber risks your business can face via employees.