According to the 2019 Verizon Insider Threat Report, 20 percent of all cybersecurity incidents and 15 percent of data breaches in 2018 were caused by insiders—that is, employees or partner organizations. The reasons for these threats included financial gain (to use or sell company data to make money—47.8 percent), pure fun (23.4 percent) and espionage (14.4 percent).

The report lists five categories of insider threat actors:

  1. The Careless Worker—who misappropriates resources, installs unauthorized apps and workarounds, breaks the company’ acceptable use program, or mishandles data.
  2. The Insider Agent—who is recruited, solicited or bribed to exfiltrate data from the company.
  3. The Disgruntled Employee—who wants to hurt the company by destroying or exfiltrating data to cause harm to the company.
  4. The Malicious Insider—who accesses corporate assets and intellectual property information for personal gain.
  5. The Feckless Third Party—business partners who have reduced security, compromising company data through negligence, misuse, or malicious threat.

The Verizon Report provides a framework on how to be proactive in addressing insider threat.