The Enemy Within: Top 5 Insider Cyber Threats for Companies in 2025

Cybersecurity News from Datami | Datami Newsroom
Jul 8, 2025 3 min

Company leaders often significantly underestimate insider cyber threats, yet it is employee actions, even unintentional ones, that can lead to catastrophic consequences.

According to various estimates, in 2024, between 68% and 95% of all data breaches were linked to human error. Let’s explore the main reasons why employees often become the weakest link in a company’s cybersecurity system.

1. Poor password practices

Studies show that 45% of passwords consist only of numbers or lowercase letters. According to Microsoft, nearly 100% of compromised accounts lacked multi-factor authentication. This carelessness and lack of security awareness make it easy for attackers to gain access.

What to do: Companies should conduct internal penetration testing, and users should be trained to create strong, unique passwords and avoid reusing them across services.

2. Phishing and social engineering

Employees frequently fall victim to phishing attacks: they open suspicious emails, click on malicious links, download infected files, or respond to attacker requests by providing sensitive information. For example, in 2024, an employee at a Hong Kong company transferred $25 million to hackers due to a phishing scam that used deepfake video impersonation.

What to do: Implement strong email filtering systems, enforce two-factor authentication across all corporate platforms, and conduct regular employee cybersecurity training.

[Image: video call with a deepfake executive. A well-meaning employee ignores a red alert from the security system and prepares to transfer funds.]

3. Use of personal devices

Employees often use unsecured personal devices for work tasks. In 2024, 83% of companies experienced at least one incident linked to personal gadget access. For instance, a Disney employee accidentally downloaded malware onto a personal computer, giving hackers access to their password manager. As a result, over 44 million internal Disney messages were stolen.

What to do: Companies should establish a clear BYOD (Bring Your Own Device) policy and enforce device management protocols.

4. Malicious actions by former employees

Former employees who retain access to company systems can cause significant damage, including intentional data deletion, theft of confidential information, or acts of sabotage.

What to do: Immediately revoke all access to corporate systems and databases upon any employee's departure, change all relevant passwords, and conduct regular penetration testing to detect lingering vulnerabilities.
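
An offboarding check along these lines, as an added example (not from the article or from Datami): it reconciles a list of departed employees against an account export to find accounts that are still enabled, and flags shared passwords that have not been rotated since someone who knew them left. The usernames, system names, field names and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): HR departures and an
# account export from hypothetical systems.
DEPARTED = {"a.ivanov": date(2025, 6, 30), "m.chen": date(2025, 7, 1)}

ACCOUNTS = [
    {"system": "vpn", "user": "A.Ivanov", "enabled": True, "last_login": "2025-07-03"},
    {"system": "crm", "user": "a.ivanov", "enabled": False, "last_login": "2025-06-29"},
    {"system": "db", "user": "m.chen", "enabled": True, "last_login": None},
    {"system": "vpn", "user": "j.doe", "enabled": True, "last_login": "2025-07-05"},
]

SHARED_SECRETS = [
    {"name": "social-media-admin", "known_to": ["m.chen", "j.doe"], "rotated": "2025-05-10"},
    {"name": "backup-service", "known_to": ["a.ivanov"], "rotated": "2025-07-01"},
]

def lingering_accounts(departed, accounts):
    """Enabled accounts that belong to someone who has left."""
    findings = []
    for acct in accounts:
        left = departed.get(acct["user"].lower())  # usernames compared case-insensitively
        if left is None or not acct["enabled"]:
            continue
        last = acct["last_login"] and date.fromisoformat(acct["last_login"])
        findings.append({
            "system": acct["system"],
            "user": acct["user"].lower(),
            "used_after_departure": bool(last and last > left),
        })
    # Accounts already used after the departure date are the most urgent.
    return sorted(findings, key=lambda f: (not f["used_after_departure"], f["system"]))

def stale_shared_secrets(departed, secrets):
    """Shared passwords not rotated after a holder left (same-day rotation counts as stale)."""
    stale = []
    for s in secrets:
        rotated = date.fromisoformat(s["rotated"])
        leavers = [u for u in s["known_to"] if u in departed and departed[u] >= rotated]
        if leavers:
            stale.append((s["name"], leavers))
    return stale

if __name__ == "__main__":
    for f in lingering_accounts(DEPARTED, ACCOUNTS):
        print("REVOKE", f)
    for name, who in stale_shared_secrets(DEPARTED, SHARED_SECRETS):
        print("ROTATE", name, "known to", who)
```

Run on a schedule against real exports, an empty result from both functions is the expected steady state; any entry with `used_after_departure` set warrants a review of that account's activity.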

5. Ignoring updates and patches

When employees fail to update software promptly, they leave company systems exposed to cyberattacks. Outdated software often contains known vulnerabilities that hackers can easily exploit. For example, in May 2021, Colonial Pipeline was attacked due to an outdated VPN lacking two-factor authentication, resulting in a multi-day fuel pipeline shutdown and a ransom payment of nearly $5 million.

What to do: Use automated update systems, provide ongoing employee training, and conduct regular vulnerability assessments to reduce exposure.

 

Updated: 09.07.2025