October 15, 2019

October 14, 2019

Subscribe to Latest Legal News and Analysis

Employees and Partner Organizations Pose Threat to Companies

According to the 2019 Verizon Insider Threat Report, 20 percent of all cybersecurity incidents and 15 percent of data breaches in 2018 were caused by insiders—that is, employees or partner organizations. The reasons for these threats included financial gain (to use or sell company data to make money—47.8 percent), pure fun (23.4 percent) and espionage (14.4 percent).

The report lists five categories of insider threat actors:

  1. The Careless Worker—who misappropriates resources, installs unauthorized apps and workarounds, breaks the company’ acceptable use program, or mishandles data.
  2. The Insider Agent—who is recruited, solicited or bribed to exfiltrate data from the company.
  3. The Disgruntled Employee—who wants to hurt the company by destroying or exfiltrating data to cause harm to the company.
  4. The Malicious Insider—who accesses corporate assets and intellectual property information for personal gain.
  5. The Feckless Third Party—business partners who have reduced security, compromising company data through negligence, misuse, or malicious threat.

The Verizon Report provides a framework on how to be proactive in addressing insider threat.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...