Insider Threats: 2025 Quick Reference

Big Picture

  • 83 percent of organizations reported at least one insider attack in the past year (Ponemon Institute, 2023).
  • 56 percent of all incidents involve insiders, whether intentional or accidental (Verizon DBIR, 2024).
  • 30 to 40 percent of confirmed breaches are directly caused by insiders (CERT Insider Threat Center, Carnegie Mellon University).
  • The average annual cost of insider incidents is about 17.4 million dollars per organization (Ponemon Institute, 2023).
  • It takes an average of 81 days to contain an insider incident (IBM Cost of a Data Breach Report, 2023).

Human Factor vs Direct Insider Threats

  • The human factor plays a role in about 65 percent of breaches, including mistakes, phishing, and social engineering (CISA, 2023).
  • Direct insider threats account for 30 to 40 percent of breaches, where the insider is the actual cause through negligence, malicious intent, or compromised credentials (CERT, 2022).

Key distinction: All insider threats involve humans, but not all human-driven breaches are insider threats.

Types of Direct Insider Threats

  • Negligent insiders: About 60 percent of incidents. Examples include clicking phishing links, using weak passwords, or relying on shadow IT (CISA, 2023).
  • Malicious insiders: Roughly 30 percent. These are disgruntled employees who steal data or sabotage systems (CERT, 2022).
  • Compromised insiders: Around 10 percent. These cases involve stolen credentials or hijacked accounts (Verizon DBIR, 2024).

High-Risk Sectors

  • Healthcare: Vulnerable to negligence and phishing, often due to high data sensitivity and staff overload (HIPAA Journal, 2023).
  • Finance: Targeted through credential theft and fraud, with high-value data at stake (FS-ISAC, 2024).
  • Government: Faces risks from malicious insiders and espionage (CISA, 2023).
  • Technology: Exposed to intellectual property theft and shadow IT (Gartner, 2024).

Key Takeaway

The human factor drives most breaches, but only a portion are directly caused by insiders. Negligence is the most common type of insider incident, while credential theft is the most costly. Organizations that combine Zero Trust architectures (NIST SP 800-207), user behavior analytics (Gartner, 2024), and a strong security culture (CISA, 2023) are best positioned to reduce insider risk in 2025.

David Avatar
