Important! June 12th, 2024 Webinar Attendees, please click here to complete our Survey or Verification Request Form.

Click Here

Employees Are Your Greatest Cybersecurity Risk

Last update





Print Friendly, PDF & Email
Two-thirds of data breaches are caused by insiders.

Don’t look now, but the biggest security threat to your law firm data is most likely sitting right under your nose.

Although you might think nefarious outside hackers are your number one worry, in reality your current and former employees pose a much greater danger.

The threat may come from a disgruntled worker with malicious intent or a careless employee with sloppy security practices.

“While most companies imagine security threats in the form of malicious outsiders, the employees already in your organization may pose an even bigger threat,” writes cybersecurity expert Rob Sobers for MultiBrief. “Research suggests that insider threats account for anywhere from 60 to 75 percent of data breaches. These insider threats are dangerous because they can come from almost anywhere — a jilted ex-employee bent on personal revenge, a malicious insider looking for personal gain, or even a content staff member who lacks cybersecurity training.”

Consider these two statistics: ninety (90) percent of organizations are vulnerable to an insider attack; and damages from an insider attack costs organizations from $100,000 to $500,000 per incident.

Stay a step ahead of cyber-criminals with Alta Pro Insurance Services. Our cutting-edge CLE webinars show you how to stay safe and successful in stressful times. Learn more here.

Prevention starts with awareness. Following are some key considerations from Rob Sobers, senior director at cybersecurity firm Varonis, for reducing your risk of an insider threat:

Types of Insiders

  • Privileged IT users
  • Disgruntled former employees
  • Business partners
  • Managerial employees with admin capabilities
  • Non-managerial employees
  • Outside consultants
  • Third-party vendors

Types of Insider Threats

  • Careless – accidentally exposes sensitive data through negligence or a misunderstanding of cybersecurity best practices.
  • Compromised – inadvertently becomes compromised by an outsider through methods like social engineering, spear-phishing and malware.
  • Malicious – intentionally steals sensitive data or compromises systems, often for personal gain or professional advantage

Insider Threat Motivations

  • Financial gain
  • Personal gain
  • Business advantage
  • Professional revenge
  • Professional sabotage
  • Employee discontent
  • No motivation, carelessness

Insider Threat Methods

  • Social engineering
  • Physical theft
  • Electronic theft
  • Unintentional systems damage
  • Unintentional data leaks
  • Stolen credentials

High-Profile Breaches Caused by Insiders

  • Target: compromised insider / stolen credentials / 40 million debit and credit card records stolen / $105 million in damages
  • Boeing: malicious insider / physical and electronic theft / $2 billion in sensitive data stolen
  • Sony Pictures: compromised insider / social engineering, phishing emails / 100 terabytes of data stolen / $35 million in damages
  • National Security Agency: malicious insider / electronic theft / up to 1.7 million classified documents stolen

Sources: MultiBrief; US Department of Homeland Security; 2018 Insider Threat Report; Digital Guardian; MetaCompliance; IT Pro Portal / IT Governance / Wired

If you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan, you can stay on top of ethics and risk management news by being a member of Alta Pro Lawyers RPG. You’ll get access to free webinars, the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.


Print Friendly, PDF & Email

Related Posts on!

Alta Pro Logo Icon

About the Editorial Staff

In an age of consolidation where increasingly impersonal transactions have made customer service an oxymoron, we bring together independent agents, insurance companies, and other industry specific service providers to develop and deliver insurance products and risk management solutions that benefit our insurance customers.

Join Our Newsletter

Occasional newsletters and CLE invites

Find Us on Social

Upcoming CLE Webinar: Essential Business Skills for Busy Lawyers Part 2 – Build Your Legal Practice Like a Pro

August 28, 2024 1:00 pm EST
CLE Credit: 1.0 Regular

Colleen L. Byers

Colleen Byers Mediation, LLC


Latest Videos

1 Hour

Essential Business Skills for Busy Lawyers Part 1 – Communicate Like A Pro

1 Hour

Creating an Attorney Compensation Plan That Will Build Firm Culture and Attract Top Talent

1 Hour

Cybersecurity for Attorneys: Employing Competent and Reasonable Safeguards

Need Help?

Visit our Frequently Asked Questions page. 

Or email us directly at

Or submit your issue in the comment form below and we will respond as soon as possible.