4 Takeaways from the Aberdeen Report on Understanding Your Insider Risk

Abhik Mitra

Industry Relations Lead at Code42

For most organizations, digital transformation has accelerated growth, fostered innovation and driven productivity. But with remote work during the pandemic, digital transformation shifted from a growth and productivity strategy to a business imperative necessary to keep organizations running. Even those organizations that were already hybrid had to suddenly support an entirely remote staff – effectively overnight.

Now, as organizations gradually and cautiously move out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. We are at an inflection point where long-held norms about employee experience and workforce collaboration are up for debate. Major paradigms are shifting. The rules of engagement are being rewritten. However it shakes out, it’s clear that within the new world of work Insider Risk will only continue to grow as a top cybersecurity challenge – one that, if not managed, will have a significant impact on the business as a whole. 

We teamed up with Derek Brink, VP and research fellow at Aberdeen, to do a deep dive into the impact that Insider Risk has on the business. We uncovered that:

  • 1 in 3 reported data breaches involve an insider – and about 80% of those are not malicious but unintended
  • 75% of organizations don’t have consistent, centralized visibility into their environments
  • In 2020 a breach was 4.5x more likely to happen on an endpoint than a server
  • The average is 13 data exposure events per user, per day
  • The cost of a data breach from insiders can reach as much as 20% of a company’s annual revenue 

Here we discuss these stats and our four key takeaways from the report “Understanding Your Insider Risk, and the Value of Your Intellectual Property”:

Sinister Data Thieves Are Not Your Biggest Problem

The Aberdeen report reveals that 1 in 3 reported data breaches involve an insider – and about 80% of those are not malicious but unintended. And since most insider incidents – data leaks – are non-reportable by law, we estimate the actual number to be much higher. To put it another way, everyday employees are repeatedly doing things that put your company’s most valuable data in jeopardy. But it’s not that all employees are sinister data thieves – they’re simply doing their jobs.

An organization’s success is often measured in reward and time. Most organizational strategies, plans, priorities and metrics are rooted in a “time to reward” mindset. This is how decisions get made. Time to market, time to revenue and time to value are intrinsic to nearly every decision made at an organization – including how employees get their day-to-day work done.

What is seldom factored into the decisions employees make is risk. We call this Insider Risk: data exposure events, whether security, compliance or competitive in nature, that jeopardize the financial, reputational or operational well-being of a company and its employees, customers and partners.

Without Visibility, You’re Making Decisions on Intuition and Gut Feeling

How can you make business decisions about Insider Risk if you don’t have visibility into enterprise file movements? According to the report, an alarming 75% of organizations don’t have consistent, centralized visibility into their environments. This tells us that 3 out of every 4 organizations lack the tools needed to see how much enterprise file movement occurs – and how frequently valuable files are exposed by legitimate users carrying out their day-to-day activities.

And without that visibility, they are also lacking the context needed to make risk-based decisions about their data. Aberdeen breaks context down into three questions: What data do we have? Where is it moving, and how? Who is accessing it? For most organizations, the answer to these questions is “we don’t know.”

Endpoint Security Has Never Been More Important 

The remote and hybrid world is likely here to stay, even post-pandemic. And in this new world, your enterprise files are always on the move – in support of your organization’s initiatives for productivity, collaboration and digital transformation. Users generally have more interactions with valuable enterprise files using their endpoints – and well-intentioned people often make unintentional mistakes. The report shows that in 2020 a breach was 4.5x more likely to happen on an endpoint than a server – and the year-over-year trend is only getting worse.

The Impact Is Real

It’s true that most enterprise file movements are benign. But a material percentage of them put your valuable data at risk. On average, there are 13 data exposure events per user, per day (e.g., insiders moving enterprise files to untrusted locations via email, messaging, cloud, or removable media). This is significant, if not surprising, given the widespread adoption by insiders of personal cloud-based applications (e.g., storage, email, collaboration platforms) – not to mention routine employee turnover, authorized access by contractors and third parties, and an increasingly Work-From-Anywhere workforce.


With an understanding of how many data exposure events occur per day, the next step is to evaluate the impact. The report reveals that the cost of a data breach from insiders can reach as much as 20% of a company’s annual revenue. Let me say that again – up to 20%, from just this one threat vector. In the report, quantifying the risk to the organization came down to three “valuable” rules of thumb:

  • Organization Value: the higher the company’s valuation, the greater the likelihood of an insider data breach. 
  • Data Value: there’s a one-in-four chance the corporate data breached was intellectual property (IP).
  • IP Value: in cases involving an IP breach, the total impact is up to 440% of the revenue generated by the IP.

Understanding the impact of Insider Risk within your organization will both help you address it, and allow you to successfully communicate the critical nature of the problem to the leadership team and the board so that you have the support and resources necessary to be successful. To learn more about measuring your Insider Risk, download the Aberdeen report “Understanding Your Insider Risk, and the Value of Your Intellectual Property”.

Abhik Mitra

Abhik is a senior product marketing manager at Code42 and brings 10+ years of experience in enterprise technology. He is the strategic conduit between the customer, product management, sales and marketing teams. He is passionate about creating compelling content and communications to demonstrate the strengths of tech solutions. Prior to Code42, he served as a global product manager for companies such as Xiotech, Kroll Ontrack and Imation.