cybersecurity-share

What is the Greatest Cybersecurity Threat: Insiders or Outsiders?

In a short two years, it is safe to say that the prospect of cybercrime has suddenly shifted to be a top concern for many decision makers around the world.

It started with the explosive hacks that rocked companies like Sony, JP Morgan, Target, and other well-known brands. More recently, it was the release of thousands of hacked emails from the DNC and John Podesta, along with the allegations of Russian hacking, that has led the news cycle.

As a result, it is not surprising that much of today’s narrative on cybercrime is centered around the devastating potential of external threats to countries or businesses. The reality is, however, that there is a whole other side of things to consider.

Are Insiders or Outsiders the Greatest Cybersecurity Threat?

While external threats like cybercriminals or hackers are an ongoing concern for organizations, it is actually malicious insider attacks that tend to cause the most damage on average (in terms of costs).

Today’s infographic from Digital Guardian explains the differences, methods, and typical costs associated with each kind of cybersecurity threat.

What is the Greatest Cybersecurity Threat: Insiders or Outsiders?

Is it insiders or outsiders that pose the greatest threat to organizations? The answer seems to be both, and for very different reasons.

Insiders or Outsiders?

Outside threats such as cybercriminals, nation state-sponsored attacks, competition-sponsored attacks, and hacktivists are certainly more sophisticated in their approaches, but they also lack the credentials and information that insiders may hold. For that reason, the most likely root cause of data breaches involve both insider and outsider threats together.

Strictly in terms of costs, it’s malicious insider attacks that pose the biggest cybersecurity threat to organizations. When weighted for attack frequency, the average annualized cost of such an attack is $144,542 per year according to the Ponemon Institute.

This puts it above DoS attacks, but by a relatively small margin:

Type of cyberattackAvg. cost per attack, weighted by frequency
Malicious insiders$144,542
Denial of services$126,545
Web-based attacks$96,424
Phishing & social engineering$85,959
Malicious code$81,500
Stolen devices$33,565
Malware$7,378
Viruses, worms, trojans$1,900
Botnets$1,075

Subscribe to Visual Capitalist

Follow Visual Capitalist on Twitter
Like Visual Capitalist on Facebook
Follow Visual Capitalist on LinkedIn

Embed This Image On Your Site (copy code below):



Mornings are better with Visual Capitalist.coffee_email1

Thank you!
Given email address is already subscribed, thank you!
Please provide a valid email address.
Please complete the CAPTCHA.
Oops. Something went wrong. Please try again later.