As noted in last year's report, a great deal is made of the insider threat, particularly by vendors selling solutions to stop insider security infractions. It's certainly true that some insiders are particularly well-placed to do enormous damage to an organization, but this survey's respondents seem to indicate that talk of the prevalence of insider criminals may be overblown. On the other hand, we're speaking here of financial losses to the organization, and in many cases significant insider crimes, such as leaking customer data, may not be detected by the victimized organization and no direct costs may be associated with the theft. 7
• Forty percent of all incidents reported by the 7,818 respondents (representing 36,000 US businesses) were attributed to insiders.
• Seventy-four percent of all cyber theft was attributed to insiders, including 93 percent of embezzlement incidents and 84 percent of intellectual property thefts.