What is the Greatest Cybersecurity Threat: Insiders or Outsiders?

It is safe to say that in just two short years, cybercrime has become a top concern for many decision makers around the world.

It started with the explosive hacks that rocked companies like Sony, JP Morgan, Target, and other well-known brands. More recently, it was the release of thousands of hacked emails from the DNC and John Podesta, along with the allegations of Russian hacking, that has led the news cycle.

As a result, it is not surprising that much of today’s narrative on cybercrime is centered around the devastating potential of external threats to countries or businesses. The reality is, however, that there is a whole other side of things to consider.

Are Insiders or Outsiders the Greatest Cybersecurity Threat?

While external threats like cybercriminals or hackers are an ongoing concern for organizations, it is actually malicious insider attacks that tend to cause the most damage on average (in terms of costs).

Today’s infographic from Digital Guardian explains the differences, methods, and typical costs associated with each kind of cybersecurity threat.

Is it insiders or outsiders that pose the greatest threat to organizations? The answer seems to be both, and for very different reasons.

Insiders or Outsiders?

Outside threats such as cybercriminals, nation-state-sponsored attacks, competition-sponsored attacks, and hacktivists are certainly more sophisticated in their approaches, but they also lack the credentials and information that insiders may hold. For that reason, the most likely root cause of data breaches involves both insider and outsider threats together.

Strictly in terms of costs, it’s malicious insider attacks that pose the biggest cybersecurity threat to organizations. When weighted for attack frequency, the average annualized cost of such an attack is $144,542 per year according to the Ponemon Institute.

This puts it above DoS attacks, but by a relatively small margin:

| Type of cyberattack | Avg. cost per attack, weighted by frequency |
|---|---|
| Malicious insiders | $144,542 |
| Denial of services | $126,545 |
| Web-based attacks | $96,424 |
| Phishing & social engineering | $85,959 |
| Malicious code | $81,500 |
| Stolen devices | $33,565 |
| Malware | $7,378 |
| Viruses, worms, trojans | $1,900 |
| Botnets | $1,075 |
