The incidents that typically fly under the
media radar are insider events. We found
that 28% of respondents pointed the
finger at insiders, which includes trusted
parties such as current and former
employees, service providers, and
contractors. Almost one-third (32%) say
insider crimes are more costly or
damaging than incidents perpetrated by
outsiders. The larger the business, the
more likely it is to consider insiders a
threat; larger businesses also are more
likely to recognize that insider incidents
can be more costly and damaging.
Despite this, however, only 49% of all
respondents have a plan for responding
to insider threats.
Many insider incidents result from
employee vulnerabilities such as social
engineering and loss of devices—risks
that could very well be mitigated by
employee training. Organizations can
also prevent insider incidents by
monitoring employees for certain
negative behaviors. For instance,
respondents said that insiders who had
perpetrated cybercrimes most often
displayed behaviors such as violation of
IT policies, disruptive behavior, and poor
performance reviews. They also said
most insider incidents are conducted for
financial gain. (Figure 2.)