
According to the Ponemon 2025 Cost of Insider Risks Global Report, the total average annual cost of insider risk is now $17.4M — up from $16.2M in 2023.
Even more surprising than this statistic is the fact that insider threats stem from just 1% of employees with intentionally bad actions.
Rise in Insider Threats
The number of insider incidents increased from 7,343 in 2023 to 7,868 in 2024. Although the number of incidents rose, their frequency declined: 58% of companies experienced between 21 and more than 40 incidents, down from 71% in 2023.
Not only has frequency declined; the report also shows that organisations respond to incidents more swiftly than before. They spend an average of 81 days responding to an insider incident, down from 86 in 2023.
Insider threats fall into one of the following categories:
- Negligent/Mistaken: An insider carelessly ignores warnings or makes genuine mistakes.
- Outsmarted: A non-malicious insider causes harm by being outsmarted by an attacker’s technique.
- Malicious: An insider acts with malicious intent to cause harm.
Whether an incident is intentional or not, the stain it puts on an organisation’s security reputation is irreversible. The costs include:
- Negligent/Mistaken: $8.8M (up from $7.2M in 2023)
- Outsmarted: $4.8M (up from $4.2M in 2023)
- Malicious: $3.7M (down from $4.8M in 2023)
High-Profile Examples of Insider Threats
In 2023, Tesla suffered a data breach orchestrated by former employees who revealed the company’s sensitive data to a foreign media outlet. The leaked data included the names, addresses, phone numbers, employment records, and social security numbers of over 75,000 current and former employees. The intent was clearly malicious: to damage the company’s reputation.
Microsoft faced a similar incident, but one caused by negligence. In August 2022, several Microsoft employees inadvertently exposed login credentials to the company’s GitHub infrastructure. This information could have granted anyone, including malicious actors, access to Azure servers and potentially other internal Microsoft systems.
5 Signs Your Organization is at Risk of Insider Threats
1. Lack of Compliance Awareness: Employees are not trained to fully understand and apply laws, mandates, or regulatory requirements to their work, which can impact the organization’s security.
2. Poor Device Security Practices: Employees are unaware of the steps they should take to ensure the devices they use (both company-issued and BYOD) are secured at all times.
3. Unsafe Data Storage: Employees send highly confidential data to an unsecured location in the cloud, increasing the risk of data leaks or breaches.
4. Security Policy Violations: Employees circumvent the organization’s security policies to simplify tasks, potentially exposing the company to cyber threats.
5. Outdated Software and Systems: Employees do not keep devices and services patched and upgraded to the latest versions, leaving the organization vulnerable to cyberattacks.
What Seems to be Working
Over 81% of companies currently have, or are planning to implement, an insider risk management program, which is an increase from 77% in 2023.
Additionally, the budgets for insider risk management have more than doubled, now accounting for 16.5% of the overall IT security budget. Organizations with insider risk management programs reported notable benefits, with 63% indicating time savings in responding to breaches, 61% enhancing their company’s reputation, and 59% decreasing financial losses resulting from breaches.
Artificial intelligence (AI) is proving beneficial, as more than half (54%) of organizations are now utilizing AI to identify and mitigate insider risks. Among these organizations, 70% highlighted the reduction of investigation times as one of the top three advantages of using AI in insider risk management.
How to Protect Your Organisation From Insider Threats
1. Monitor and Detect Suspicious Behaviour: Continuously track user activity to identify unusual access patterns, data transfers, or policy violations. Implement User and Entity Behaviour Analytics (UEBA) and Security Information and Event Management (SIEM) tools to detect anomalies early.
2. Leverage AI in Threat Detection and Response: AI-powered systems can analyse vast amounts of security data in real time to identify insider threats, behavioural anomalies, and potential risks. Machine learning models improve over time, enabling faster and more accurate threat detection.
3. Adopt an Insider Risk Management Program: Establish a structured approach to managing insider risks by integrating HR, IT, and security teams. Define clear policies, risk assessment procedures, and response plans to handle insider threats effectively.
4. Implement Zero-Trust Frameworks: The Zero-Trust model enforces strict access controls, continuous authentication, and least privilege access to ensure users and devices are always verified before accessing critical systems or data.
5. Create a Strong Security Culture: Encourage a security-first mindset across all departments by promoting transparency, accountability, and cybersecurity best practices. Foster open communication and provide anonymous reporting channels for employees to flag suspicious activities.
6. Employee Training and Awareness: Regular cybersecurity training ensures employees recognise, report, and avoid insider threats such as phishing, data leaks, and social engineering attacks. An informed workforce is the first line of defence.