Report: Insider Cybersecurity Threats Have Jumped 40% in 4 Years

The total number of insider incidents across 2023 rose to reach 7,343, up from just 6,803 the year before.

The average cost of an insider cybersecurity attack has sharply risen by 40% across the past four years, a new research report has found.

On top of that, the typical annual cost of these types of cyber threats has risen to reach $16.2 million per attack in the past 12 month period.

The biggest costs happen after the attack has occurred, which means that businesses everywhere should prepare their potential responses now in order to lose the least.

The Number and Costs of Insider Attacks Are Rising

“Insider” attacks, according to the new report, might be both malicious (Espionage, IP threat, sabotage, or fraud) or non-malicious (when an insider is negligent, mistaken, or outsmarted). The report, sponsored by insider cybersecurity firm DTEX Systems and out from the data privacy-focused Ponemon research institute, is titled 2023 Cost of Insider Risks Global Report.

It finds that insider threats are on the rise, and not just when it comes to the cost of each attack: The total number of insider incidents across 2023 rose to reach 7,343, up from just 6,803 the year before. 

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special offer.See deal button

Most of the incidents — 75% — were traced back to non-malicious insiders, often due mistaken insiders (55%).

The biggest costs: Containment and remediation, which on average account for $179,209 and $125,221 per incident, respectively. The longer a response takes, the greater the cost.

Why Cyber Budgets Aren’t Spent in the Right Places

Insider attacks are up. In other words, the call is coming from inside the house.

But businesses haven’t adjusted their budgets to account for this. 88% of them are still devoting 10% or less of their IT security budget to managing insider risk specifically… with 91.8% of budgets going towards external threats.

But social engineering, which targets insiders to phish or otherwise trick employees into leaking sensitive information on their own company, remains a huge concern. We lost a collective $6.9 billion to phishing attacks in 2021, and just last year the FBI declared phishing to be the most common form of cyber attack.

Staying Safe From Insider Threats

Change is coming, the report found. Nearly half of organizations, or 46%, are set to increase their investments in insider risk programs in 2024.

But what could that look like for you? Here are the top tips for avoiding a phishing attack.

  • Use two-factor authentication
  • Double-check the URL
  • Don’t give out your login credentials
  • Monitor your personal financial accounts

You can also consider a few extra security tools — we’ve ranked the top VPNs for businesses and the best password management tools to boot.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Adam is a writer at and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals