This article was produced in partnership with QBE
When it comes to cybercrime, employees can be either an organization’s most powerful defense or its biggest weakness. According to research from Tech Report, in 2023 approximately 31% of all data breaches were caused by insider threats – meaning that one third of data breaches were caused by an employee or contractor.
It’s a worrying statistic for employers, especially as cyberattacks and the criminals behind them continue to become more sophisticated.
Insider threats are a growing concern in cyber security, stemming from both unintentional actions, such as falling for phishing scams, and actions with deliberate malicious intent. Research from SpyCloud found that 56% of organizations experienced an insider threat incident in the past year, with 60% of HR security still being manual, leaving huge exposure gaps for insider threats to sneak in.
Insider threats can be notoriously difficult to spot for leaders, but there are clues. Below are some warning signs from QBE’s expert cyber team:
To better mitigate these risks, businesses need to act preventatively rather than curatively by prioritizing workplace culture and ongoing training, and by implementing strong data privilege and monitoring controls.
QBE recommends that organizations put time and energy into enhancing data protection. This can include:
From there, organizations should establish clear policies and procedures. This begins with developing and enforcing clear guidelines on the acceptable use of resources, data handling, and reporting suspicious activities – as well as ensuring employees understand the consequences of violating these policies.
If an incident does occur, it’s important to act quickly and confidently – something which can be achieved by already having a response plan in place. In the event of an insider-related cyber incident, having Incident Response Plans (IRP) and Business Continuity Plans (BCP) tailored to address these risks can make the difference between a minor disruption and a major event with significant financial and reputational consequences.
And, remember, when an employee leaves the business it’s essential to ensure their remote access is wholly revoked as soon as possible.
But it’s not always malicious insider threats – sometimes mistakes are made purely because of human error, making employee training a vital tool. Consideration of privileged access and ongoing education are paramount to mitigating risk and creating a strong security-minded culture.
Despite the controls, organizations may still experience a security breach. QBE’s cyber insurance policy, QCyberProtect, can help protect against a range of risks associated with digital technology and can assist in providing 24/7 IT forensic and legal support in the event of a cyber event. Talk to your broker today for more information about our offering.
The information and recommendations presented herein are for general informational purposes only. No warranties or representations are made as to the accuracy of the information provided, and QBE North America assumes no liability in connection with your use or non-use of such information and does not guarantee that the information includes all possible risks or unusual circumstances that may occur. Reliance upon, or compliance with, any of the information, suggestions or recommendations contained herein in no way guarantees the fulfillment of your obligations under your insurance policy or as may otherwise be required by any laws, rules, or regulations. QBE and the links logo are registered service marks of QBE Insurance Group Limited. © 2025 QBE Holdings, Inc.