Please fill in the form below to subscribe to our blog

Five Ways an Employee Becomes an Insider Risk

December 07, 2023

Learn to spot the red flags that indicate an insider risk

The actions that employees take every day have an enormous impact on the security of a company’s IT environment. Sometimes these actions are caused by human error, like mishandling data or getting conned by a phishing email. Sometimes those actions are intentional, like an employee selling their access credentials to a cybercriminal. Together, these actions form a company’s insider risk picture. One bad decision by an employee can open a business up to trouble like ransomware, business email compromise and other cyberattacks. Everyone in the company needs to be mutually committed to achieving the same goal: maintaining the security of systems and data. Unfortunately, that’s often not at the top of every employee’s priority list, creating negative cybersecurity consequences for their employer. 

Excerpted in part from The Guide to Reducing Insider Risk 2023: DOWNLOAD IT>>

Employee mistakes and negligence cause 75% of insider threats

An insider is any individual who works within an organization, has access to an organization’s network or maintains access to privileged data. Insider risk arises when company personnel take their corporate cybersecurity practices lightly or intentionally try to harm their organization’s systems and data.

There are two general categories of insider risk: 

Malicious insider: Employees who intend to harm a business deliberately. Malicious insiders cause massive damage quickly by taking harmful security actions like stealing company secrets, selling access to a company’s network or deploying ransomware. They’re primarily motivated by money, but they can also be motivated by vengeance. In the 2023 Insider Threat Report by the Ponemon Institute, researchers determined that malicious insiders accounted for an average of 6.2 incidents at an average cost per incident of $701,500.

Examples of malicious insider incidents include:

  • Emailing sensitive data to outside parties (67%). 
  • Accessing sensitive data not associated with the role or function (66%)
  • Scanning for open ports and vulnerabilities (63%).

Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>

Unintentional/accidental insider: Regular employees who don’t cause harm intentionally are the most common type of insider risk. Instead, these employees negatively affect security through negligence or error. Unfortunately, such errors can be just as devastating to a company as intentional sabotage. An employee might send someone the wrong file or carelessly misconfigure a server. They don’t intend their actions to be harmful, but they are. According to the report, the average number of negligent insider incidents a respondent company experienced is 14.

In the 2023 Insider Threat Report by the Ponemon Institute, researchers said that three-quarters of insider risk is non-malicious. In a breakdown of the causes of accidental insider threat, the report notes that 55% of insider incidents are caused by a negligent or mistaken employee and 20% of insider incidents are caused by an employee falling for a cybercriminal trick and giving up their credentials. Only 25% of insider risk is caused by malicious insiders.


See the challenges companies face & how they’re overcoming them in The Kaseya Security Survey Report 2023 DOWNLOAD IT>>

Insider threat problems are growing more frequent and more expensive

Insider risk is expensive. Just discovering a threat and mitigating it can be a budget buster. Researchers determined 2023, the total average cost of activities to resolve insider threats over 12 months is $16.2 million. Where a company is located factors into the bill that the company faces to deal with the activities associated with the threat. Companies in North America shelled out the most when faced with an insider incident, incurring the highest total cost in the survey at $19.09 million. European companies had the next highest cost at $17.47 million.

Here’s how that bill breaks down:

  • An average of $179,209 is spent to contain the consequences of an insider threat.
  • The average cost for escalation is $29,794
  • Monitoring and surveillance rack up a total cost of $33,596.

Even with a myriad of new cybersecurity innovations in the last year, the pace of escalation of the insider threat problem is not slowing. Instead, companies are experiencing an increasing number of these expensive incidents every year. In this year’s study, researchers determined that 71% of companies experience between 21 and more than 40 costly insider threat incidents per year. This is a precipitate an increase from the 2022 findings, which reported that 67% of companies had between 21 and more than 40 incidents.

an ominously dark image of a hacker in a blue grey hoodie with the face obscured.

Explore the nuts and bolts of ransomware and see how a business falls victim to an attack. GET EBOOK>>

Five ways an employee becomes an insider risk 

During the course of their daily activities, employees are frequently faced with making decisions that can positively or negatively impact their company’s security. These are five of the most likely ways that an employee becomes an insider threat. 

Accidental actions: Human beings make mistakes; it’s inevitable. That’s why the number one cause of data breaches never changes — it’s always human error. Even your most conscientious employees will make security blunders, like sending someone wrong files, setting weak passwords on their devices, like birthdays and names of their pets, or accidentally sharing confidential corporate data on a public platform. 

Falling for social engineering: Today’s sophisticated phishing scams can be hard to detect, even for a vigilant employee. Employees who are not properly trained on phishing techniques are prime targets for social engineering, especially if they’re fearful of the repercussions of missing a message or asking for help. 

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

Inattention: Employees can be inattentive to security protocols when they’re stressed, rushed, overwhelmed or just confused. Those mistakes are understandable. However, employees can also be inattentive to security guidelines because they just don’t take them seriously, and that’s a serious insider risk problem. Cybersecurity training and awareness programs can save $5.4 million in insider threat costs.

Bad credential handling: Credential misuse is one of the fastest ways for a company to suffer a data breach. Employees who write down passwords on sticky notes or share administrator passwords to eliminate bothersome approval steps put the security of their company’s data in danger. Credential theft incidents cost an average of $679,621 per incident.

Malice: A disgruntled employee is an extremely dangerous insider risk, and they can wreak havoc fast. Take steps to prevent employees from taking data with them when leaving the workplace or exiting the company. Be sure to avoid situations where employees might sell their still functional access credentials on the dark web. Malicious insiders can also directly unleash a cyberattack by deploying malware themselves. According to IBM’s Cost of a Data Breach Report 2023, data breaches caused by malicious insiders cost around $4.90 million, which is 9.5% higher than the cost of an average data breach. 

Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>

Mitigate All Kinds of Risk Effectively with Kaseya’s Security Suite

Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate all types of cyber risk effectively and affordably, including insider risk. Our solutions integrate seamlessly and leverage automation and AI to make IT professionals’ lives easier.   

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.      

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.     

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.    

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.       

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).       

Vonahi Penetration Testing — How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.    

Learn more about our security products, or better yet, take the next step and book a demo today! 

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!