A third of data breaches next year will be caused by insider incidents, report predicts

One in three data breaches in 2021 will come from insider incidents, according to new research from market analysts Forrester.

The research predicts the proportion of data breaches from insider incidents will rise from 25% currently due to changes brought about by the Covid-19 pandemic.

Following the pandemic’s disruption, the report estimates that remote work will rise to 300% of pre-COVID levels, with at least 21% of US information workers working primarily from home, compared with 7% in 2019.

The report states, “In 2021, we will begin to see contours of the new economic, social, and cultural orders forged in the crucible of the COVID-19 pandemic,” but firms will have to learn how to manoeuvre these changes and adapt if they are to remain competitive.

The report recommends CISOs’ focus post-pandemic, as well as that of security and risk leaders, will be to monitor three crucial factors that will lead to a rise in insider attacks:

  1. The rapid push of users, including some outside of companies’ typical security controls, to remote work as a result of the COVID-19 pandemic
  2. Employees’ job insecurity
  3. The increased ease of moving stolen company data

These factors combined will produce an increase of 8 percentage points in insider incidents, according to the study. Additionally, the report suggests that the number of insider attacks will likely rise further as companies learn to identify and attribute insider threats with insider activity. 

“Leading CISOs will put a greater focus on insider threat defense while emphasizing improved employee experience — not treating users like machines — to avoid turning employees into malicious insiders. Considerations for employees’ privacy, company culture, and local standards for lawful, fair, and acceptable labor practices are key to the success of your insider threat program,” the report adds. 


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.