Threats Insider Threat: Disconnect Between Staff and CIOs
When it comes to the root cause of organizational data breaches (and the common disconnect between staff and CIOs), one of the most underestimated threats is insider risk.
High-profile breaches at Facebook, Marriott, and Equifax (and, more recently, a spike in insider threats in 2025) all involved employee errors—sometimes unintentional—which underscores how negligence, inattention, or gaps in cybersecurity awareness often play a larger role than outright malicious insider actions. A recently-updated Egress study on insider threats highlights that these non-malicious human mistakes are far more common breach drivers than criminal insiders.
To investigate this problem, Egress examined both employer and employee perspectives. Not surprisingly, a profound disconnect emerged—on problem awareness, ownership, and responsibility.
The results of the survey emphasize a growing disconnect between IT leaders and staff on data security, which ultimately puts everyone at risk. While IT leaders seem to expect employees to put data at risk, they’re not providing the tools and training required to stop the data breach from happening.
— Tony Pepper, CEO, Egress Software Technologies
IT Leaders vs. Employees: The Divide
The survey statistics show the following:
Accidental Breaches:
79% of IT leaders reported employees risking company data in the past year; the dominant cause (45%) was emailing information to the wrong recipient
In contrast, 92% of employees denied breaking data policies accidentally, and 91% rejected intentional wrongdoing
Moreover, 60% of leaders anticipate at least one accidental breach within the next 12 months. Among employees who admitted to accidentally sharing data, 48% said they were rushed, 30% cited pressure, and 29% blamed exhaustion
Alarmingly, 35% didn't realize the data was sensitive—highlighting inadequate awareness training
Intentional Breaches:
61% of employers believe malicious leaks occurred
30% attribute leaks to harmful intent, 28% to financial gains
Only 8% of employees admitted deliberately sharing information, and 23% of them took data to new jobs
Among the purposeful sharers, 55% claimed their organization did not provide secure sharing tools
2025: The Numbers You Need to Know
74% of security breaches in 2025 still involve a human element, whether through error or phishing
In fact, 95% of all data breaches are attributed to human error
Accidental insiders alone were responsible for 60% of insider-origin breaches
12% of employees took sensitive intellectual property upon leaving—mirroring Egress’s findings
The average data breach now costs US $4.88 million, up 10% from 2023
It takes an average of 204 days to detect a breach and another 73 days to contain it
Organizations using AI and automation discovered and contained breaches 108 days faster, saving on average US $1.76 million
82% of breaches involve cloud-stored data; 86% involve stolen credentials
32% of cyber incidents involve data theft rather than encryption, with 124% more exploitation attacks compared to the prior year
Third parties are involved in 30% of breaches—double last year’s rate
Takeaway: Human Risk Remains the Disconnect Between Staff and CIOs
Security leaders now rank human risk above tech gaps, with 79% noting that collaboration tools pose new threats and 81% concerned about generative AI leaks.
We recommend the following:
Intensify human-risk training – simple awareness isn't enough. Reinforce it routinely.
Provide secure tools for data sharing—cloud, encryption, and identity controls.
Implement AI-driven monitoring to proactively detect anomalous behavior
Prioritize third-party risk—perform thorough vetting and continuous monitoring
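The survey's leading accidental-breach cause is email sent to the wrong recipient, and two of the recommendations above (secure sharing tools and monitoring for anomalous behaviour) can be illustrated with a small defensive check. The following Python script is an added example, not code from the original post or from Egress; the organisation domain, the outbound-mail log and the sensitivity labels are constructed sample data, and the anomaly check is a simple leave-one-out statistical baseline standing in for the "AI-driven monitoring" the post recommends. It flags outbound messages to look-alike domains, first-time external recipients receiving sensitive material, and days on which a sender's external volume spikes far above their usual pattern.

```python
from collections import Counter, defaultdict
from datetime import date
from statistics import mean, pstdev

INTERNAL_DOMAIN = "example-corp.test"      # hypothetical organisation domain
SENSITIVE = {"confidential", "restricted"}  # labels that should not leave freely

# Constructed outbound-mail log (not real data): (day, sender, recipient, label).
# Day 7 is a bulk send of confidential material to a personal mailbox.
SAMPLE_LOG = [
    (date(2025, 3, 3), "alice", "bob@example-corp.test", "internal"),
    (date(2025, 3, 3), "alice", "vendor@partner.test", "public"),
    (date(2025, 3, 4), "alice", "vendor@partner.test", "confidential"),
    (date(2025, 3, 5), "alice", "ops@exampl-corp.test", "confidential"),  # look-alike domain
    (date(2025, 3, 5), "alice", "vendor@partner.test", "public"),
    (date(2025, 3, 6), "alice", "vendor@partner.test", "public"),
] + [(date(2025, 3, 7), "alice", "me@personal-mail.test", "confidential")] * 9


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squat style look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[1].lower()


def flag_messages(log):
    """Per-message checks a pre-send guard could run; returns (day, sender, recipient, reasons)."""
    seen = defaultdict(set)  # sender -> recipients they have emailed before
    flagged = []
    for day, sender, recipient, label in sorted(log, key=lambda m: m[0]):
        domain = domain_of(recipient)
        reasons = []
        if domain != INTERNAL_DOMAIN:
            # A domain within two edits of our own is a classic misdirection target.
            if edit_distance(domain, INTERNAL_DOMAIN) <= 2:
                reasons.append("lookalike-domain")
            # Sensitive material to someone this sender has never emailed before.
            if recipient not in seen[sender] and label in SENSITIVE:
                reasons.append("first-time-external-sensitive")
        seen[sender].add(recipient)
        if reasons:
            flagged.append((day, sender, recipient, reasons))
    return flagged


def volume_anomalies(log, z: float = 3.0, min_count: int = 5):
    """Days on which a sender's external-recipient count exceeds their own baseline.

    The baseline for each day is computed from the sender's other days (leave-one-out),
    so a spike cannot inflate the baseline it is compared against.
    """
    per_day = defaultdict(Counter)  # sender -> {day: external recipients that day}
    for day, sender, recipient, _ in log:
        if domain_of(recipient) != INTERNAL_DOMAIN:
            per_day[sender][day] += 1
    anomalies = []
    for sender, counts in per_day.items():
        if len(counts) < 3:  # too little history to baseline
            continue
        for day, count in sorted(counts.items()):
            others = [c for d, c in counts.items() if d != day]
            limit = mean(others) + z * pstdev(others)
            if count >= min_count and count > limit:
                anomalies.append((sender, day, count))
    return anomalies


if __name__ == "__main__":
    for day, sender, recipient, reasons in flag_messages(SAMPLE_LOG):
        print(f"{day} {sender} -> {recipient}: {', '.join(reasons)}")
    for sender, day, count in volume_anomalies(SAMPLE_LOG):
        print(f"{day} {sender}: {count} external recipients (above baseline)")
```

Run as a script it prints the look-alike recipient on day 5, the first confidential message to the personal mailbox on day 7, and the day-7 volume spike. The `min_count` floor keeps the statistical check from firing on a sender whose baseline is one message a day sending two; in practice the thresholds would be tuned per team, and the point of the first check is to warn the sender before the message leaves rather than to block it silently.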
Conclusion
The gap between employers and employees on data security responsibility is stark—and costly. With 95% of breaches tied to human error, organizations must rethink their internal defense strategy.
A combination of comprehensive awareness training, secure tools, and regular penetration testing will help turn insider threats from a blind spot into a managed risk.