What percentage of security breaches originate internally vs. externally?

What percentage of security breaches originate internally vs. externally? Where could I find further information...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

on this topic?

This is a statistic that's quoted a lot -- often 80% of breaches occur internally -- but there's varying data on it. The CSI/FBI Computer Crime and Security Survey has interesting data on this, but I would also recommend checking out other surveys from security magazines and research firms. A Google search using the words "information security survey" turns up some good info.

The bottom line is no one really knows for sure, but it's a considerable amount. Based on what I see, the odds are that more external attacks occur, but are often blocked by basic perimeter security controls. On the other hand, even though internal security breaches probably occur less often, when they do, it's bad news. I wrote an article intellectual property leakage (which is what most internal breaches are about) for the Feb. 2004 issue of Information Security magazine that covers this subject and provides a survey of vendor solutions.

For more info on this topic, please visit these SearchSecurity.com resources:

Are insiders really a bigger threat?

Security Policies Tip: Terminating a system administrator

Employee monitoring: Is Big Brother a bad idea?

Read the March 2004 issue of Information Security magazine for more in-depth coverage.

This was last published in March 2004

Dig Deeper on Data security breaches

Business still not addressing insider threat Businesses are still not addressing inside threats when it comes to cyber security, leaving themselves wide open to data breaches as a result, according to a security analyst

Most firms will not be GDPR-ready by compliance deadline Survey of IT decision-makers shows one-fifth of companies lack continuous encryption capabilities and only half have the systems required for the right to erasure and the right to rectification

One in eight people have suffered a healthcare data breach A quarter of victims had their NI number compromised and 18% saw their biometric identifiers compromised, but most people trust healthcare providers with their data

Should CISOs share the responsibility for a cybersecurity incident? CISOs usually take the brunt of the blame when a cybersecurity incident occurs, but should they? Expert Mike O. Villegas details ways CISOs can share the responsibility.

What are the benefits of a having a CISO title in an organization? Is a CISO title really necessary in an organization? Expert Mike O. Villegas explains why the title matters, as well as the qualities CISOs need to have to assert their importance.

Risk versus hype: What is the real impact of insider security threats? Expert Joe Granneman separates sensationalism from reality to determine how much risk insider security threats actually pose to enterprise security.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Please create a username to comment.

Benefits of using Azure Security Center for security assessments

Use Azure Security Center to conduct a security posture assessment

How container adoption affects container security

Juniper Mist roadmap includes SD-WAN, security integrations

Why Secure Access Service Edge is the future of SD-WAN

5 common SD-WAN challenges and how to prepare for them

Don't let edge computing security concerns derail your plans

Risk-based digital identity benefits CIOs, CMOs and customers

Agile practices endure and continue to adapt

4 ways to fix Windows 10 boot problems

When not to convert basic disks to dynamic disks

Project Limitless' 5G PC and what desktop admins need to know

Save money on instances with these cloud discounts

Google joins bare-metal cloud fray

Google boosts VMware public cloud support with CloudSimple buy

Senators raise questions over Facebook’s monitoring of phone users’ locations

Extreme stretches datacentre fabric with added automation

NHSX seeks chief information officer

Dig Deeper on Data security breaches

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.