Insider cybersecurity threats are much more prevalent than most of us realize. IBM estimates that 60% of all cyberattacks are perpetrated by those with insider access1; McAfee cites enterprise insiders as a major source of Personally Identifiable Information (PII) sold on the dark web, particularly in the healthcare industry; and at least two-thirds of major corporations reported insider threat incidents in 20163 ranging from file theft and destruction to selling passwords and deliberately sabotaging critical systems. Over 40% of U.S. government agencies report such incidents every year. It's a serious—yet incredibly overlooked—risk.
Employees turn malicious for a variety of reasons. Some are disgruntled and respond by acting out electronically against their co-workers and employers. Others have personal or financial problems outside of work that trickle into the workplace and manifest themselves in destructive behaviors, including those who may be bribed or otherwise financially incentivized to sell credentials or other information. Others are simply thrill-seekers who might enjoy file theft or system sabotage—as research in cyber psychology shows, we’re likely to behave more recklessly online than we are "IRL."