71% of Businesses Plagued with Insider Attacks Perpetrated by Malicious Employees

ARLINGTON, Va.--(BUSINESS WIRE)--Insider attacks such as fraud, sabotage, and data theft plague nearly three quarters (71%) of U.S. businesses, according to Capterra’s 2023 Insider Threats Survey. These schemes can cost companies hundreds of thousands of dollars and the vast majority of businesses (79%) say they take longer to uncover than external threats.

According to Capterra’s research, companies that allow excessive data access are much more likely to report insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data. Also alarming, of the companies that have experienced insider attacks, one in three (34%) report that the scheme involved an employee with privileged access.

“Businesses that restrict data appropriately are twice as likely to avoid insider attacks,” says Zach Capers, senior security analyst at Capterra. “That’s why it’s critical to employ the principle of least privilege, restricting data only to what employees need to do their job. Highly-privileged users must also be scrutinized and the use of admin rights should be minimized.”

Data theft is the most common type of insider attack, reported by 38% of businesses. This is concerning because, in many cases, these incidents also constitute a data breach. The second and third most common types of insider attacks are the misappropriation of assets (32%) and disclosure of trade secrets (30%), respectively.

While not the most common type of attack, insider fraud schemes are especially financially devastating—costing businesses nearly a quarter of a million dollars, averaging $262,138. These types of attacks also typically take businesses five months to uncover. Since fraud is concealed by its very nature, it’s suspected that these averages are even higher than officially reported.

Motivation to commit insider attacks is often borne from need or greed—but in most cases it also stems from disgruntled employees seeking retribution. Of companies that have experienced insider attacks, four in five (80%) have been victimized by disgruntled employees. Amid a spate of layoffs in the tech industry and following the so-called Great Resignation during which employees sought better pay and benefits en masse, the potential for disgruntled employees must be taken more seriously than ever before.

Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents. Read the full report on Capterra.com for recommendations to reduce risks and learn how software can help ease insider threat mitigation.

About Capterra
Capterra is the #1 destination for organizations to find the right software and services. Our marketplace spans 100,000+ solutions across 900 categories, and offers access to over 2 million verified reviews—helping organizations save time, increase productivity and accelerate their growth.