The insider threat in cybersecurity: perceived risk vs. real risk
Insider threats are the most common cause of security incidents, usually through negligence or overload rather than malice. Learn why generic awareness isn't enough and how tailored, data-driven prevention can protect your organisation's most valuable assets.

The Insider Threat: Why Employees Can Be the Biggest Cybersecurity Risk
Experts in cybersecurity have been pointing out for some time that one of the main risks for companies — and probably the biggest threat to security — is not cyberterrorists or major system vulnerabilities, but rather the employees themselves: the insiders.
An insider is any person who, by the nature of their work, has access to systems, files, and ultimately to information, whether that information is confidential, restricted, or outright secret.
The Prevalence of Insider Threats
Multiple studies point to careless employees, negligence, and overload — in general, accidental internal threats — as the most common cause of incidents.
- Ponemon Institute (2018): Negligence caused 64% of all insider threat incidents in the last 12 months.
- IBM: Insiders are involved in 60% of cases.
- Accenture: 70% of companies experienced an insider-origin incident in the last year.
A holistic approach to cybersecurity must give special attention to insider threats. This means improving risk prediction, knowing internal risks better, and implementing preventive actions on a continuous basis.
The Limits of Awareness Campaigns
While organisation-wide actions have value, the low effectiveness of generic awareness campaigns and general training shows the need for specific, personalised measures for each employee. Because an individual's circumstances and exposure change quickly, organisations must:
- Identify and prioritise risks for each person.
- Tailor action plans based on position, risk level, and potential impact.
Perceived Risk vs. Real Risk
In his article "Perceived and actual risk", Jon Danielsson, Director of the Systemic Risk Centre at the London School of Economics, shows that perceived risk (the risk estimated by forecasting models) and real risk (the underlying fundamental risk) are negatively correlated: when one increases, the other decreases.
This means risk forecasting models underestimate risk before a crisis and overestimate it after. Their error is not random but systematic, so a low model estimate is not evidence that the real risk is low.
When insider risk is underestimated, the most valuable assets — from data to infrastructure, operations, or R&D results — are exposed. Beyond financial loss, companies risk investor confidence, customer trust, employee morale, and brand reputation.
The Cost of Insider Incidents
- Ponemon Institute: Average cost of $5 million per security breach caused by insiders.
- SANS Institute: Around $400,000 for investigation and remediation of each isolated incident.
Companies must prove diligence in preventing human risk — yet, often, measures beyond basic training are not implemented.
How to Address Insider Threats
Widely accepted measures include:
- Creating a dedicated internal threat department, or virtually implementing this function through existing departments.
- Partnering with a cybersecurity specialist to develop an Insider Threat Program.
- Including non-monetary benefits ("emotional salary" initiatives) in employer branding to promote workplace harmony and reduce the overload and disengagement behind many accidental incidents.
Six Recommendations for Insider Risk Prevention
For Employees
1. Involve workers in the insider threat discussion (Cybersecurity Posture).
2. Raise awareness and make them part of the preventive measures.
3. Understand their needs and the reality of their position to provide targeted support.
For Organisations
4. Create a dedicated department or develop an insider threat program.
5. Seek support from specialised partners and improve the effectiveness of awareness and hardening plans.
6. Commit to data-driven prevention, supported by prediction and focused on helping employees reduce risk.
Discover more about insider risk prevention at Kymatio.com
More information about the author: Fernando Mateus