71 percent of businesses hit with insider attacks from malicious employees
Insider attacks including fraud, sabotage, and data theft, plague nearly three quarters (71 percent) of US businesses, according to Capterra's 2023 Insider Threats Survey.
Perhaps unsurprisingly companies that allow excessive data access are much more likely to report falling victim to insider attacks. However, only 57 percent of companies limit data appropriately while 31 percent allow employees access to more data than necessary and 12 percent allow employees access to all company data.
Also alarming is that, of the companies that have experienced insider attacks, one in three (34 percent) report that the scheme involved an employee with privileged access.
"Businesses that restrict data appropriately are twice as likely to avoid insider attacks," says Zach Capers, senior security analyst at Capterra. "That's why it's critical to employ the principle of least privilege, restricting data only to what employees need to do their job. Highly-privileged users must also be scrutinized and the use of admin rights should be minimized."
Data theft is the most common type of insider attack, reported by 38 percent of businesses and in many cases these incidents also constitute a data breach. The second and third most common types of insider attacks are the misappropriation of assets (32 percent) and disclosure of trade secrets (30 percent), respectively.
While not the most common type of attack, insider fraud schemes are especially financially devastating -- costing businesses nearly a quarter of a million dollars, averaging $262,138.
Of companies that have experienced insider attacks, 80 percent have been hit by disgruntled employees. 27 percent have been targeted by current employees, 40 percent by former employees, and 13 percent by both.
You can find out more on the Capterra blog.
Image credit: vchalup2/depositphotos.com