“If your organization didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking.”
~ Insider Risk Report, DTEX, 2022
The Ponemon Institute reported that insider-related incidents sky-rocketed 44 percent from 2020 to 2022, and that their cost per incident ballooned by more than a third to $15.38 million. The DTEX Insider Risk Report, however, claims that those numbers are actually much higher: a 72 percent rise in insider incidents, though it could not put a figure to the cost. Regardless of the actual tally, there is no question that security incidents initiated from inside an organization have risen drastically.
Most organizations continue to focus their cyber and data security efforts on external threats—the mysterious outsider lurking in the ether. But very real threats lie with those who possess legitimate access to company networks and data—third-party vendors and employees. The DTEX report makes a sobering statement: 100 percent of users are risks. That means everyone in an organization is a risk. This isn’t to say that all employees or vendors harbor intent to deceive. Most breach cases are triggered by negligence or lack of knowledge rather than by malicious acts. But this perspective—everyone is a potential risk—highlights the importance of insider security measures.
48% of data breaches in healthcare facilities are caused by insiders.
Unfortunately, addressing insider threats sat at the bottom of a six-item priority list for many organizations, at 33 percent. Perhaps organizations would move internal threats higher on their lists if they better understood the nature of internal risks and realized that not only is every staff member a risk, but the degree of risk bears no relation to job rank, department, or years of service.
Understanding the Nature of Insider Security Risks
Negligence is responsible for 56 percent of insider incidents. For an employee, negligence can stem from many factors, such as complacency, stress, overburdened schedules, being rushed, and lack of awareness. Common acts of negligence include using the same password for multiple accounts, clicking on a malicious link from an unknown email sender, connecting to an unsecured Wi-Fi network, losing a work device, and sending work files to a personal device—just to name a few.
Compromised credentials are one of the most common causes of internal data breaches. That’s not so surprising when you consider the many ways credentials can be misappropriated—often through negligence, but not always: employees can expose their log-in information by falling victim to phishing attacks, losing work devices, or using unsecured Wi-Fi connections; insiders can exploit their access privileges for illicit conduct; and attackers can abuse unused but still-open user accounts (stale accounts)—60 percent of companies have more than 1,000 stale user accounts. Compromised credentials also took the longest to detect, an average of 327 days. That lengthy timeframe cost approximately $150,000 more per breach than other types of breaches.
Phishing attacks soared a shocking 569 percent in 2022, and phishing attacks specifically targeting user credentials shot up 428 percent. With that rate of increase, it’s no surprise that 97 percent of organizations received at least one phishing email in the past year. Email still appears to be attackers’ preferred delivery method, but phishing by text message and phone call is still going strong.
Now bad actors are exploiting sophisticated AI chatbots to create more legitimate-looking communications, making them harder to detect. In the past, poor spelling, bad grammar, and odd phrasing often made spotting malicious emails and texts easier.
The healthcare industry is the second most targeted industry for credential phishing.
Exiting employees are another common risk that many organizations may not see in its full light. When an employee leaves a company, some security measures may be taken on the last day of employment, depending on the circumstances. However, the period leading up to an employee’s last day may be the time of highest risk. If a worker is moving to a competitor, he or she might be tempted to copy proprietary data before leaving—56 percent of organizations incurred potential information theft due to workers leaving the organization. Also, “short-timers”—employees who know they have only a few days of employment left—may get sloppy with security practices.
Boosting Your Internal Digital Security
The above are just a few of the risk factors inside your organization. One of the most effective ways to minimize almost any internal risk is to educate your employees. When workers understand potential security threats, they can better realize how they might contribute to a breach and become more aware of their actions.
But to be effective, cyber education needs to be more than a one-time instruction given while onboarding a new hire. Frequent, routine cyber training accomplishes two critical goals: ensuring employees are up to date on current cyberattack trends and keeping security best practices at the forefront of their minds. A worker who has just completed the third simulated phishing test of the year is less likely to fall victim to a real phishing attack than an employee who hasn’t had training since being hired two years earlier.
Most often, employees don’t intend to compromise company data or networks, but when a breach does occur, it’s not the intent that matters. Prevention is a far safer and more cost-effective means of managing data loss and reputation damage.
To find out more about how you can strengthen your internal security and diminish risks, visit CompliancePro Solutions.