Saw a stat that 60% of data breaches come from insider threats not hackers and I'm torn on who to trust more

I found this on a Verizon report and it's making me question if I should focus more on training my own team or locking down the network, which side do you lean toward?

2 comments

2 Comments

robertsmith18h ago

60% is a big number but those stats usually count stuff like someone clicking a phishing link as an "insider threat" which is more of a training problem than someone actually stealing data. Makes you wonder how many of those breaches were really malicious versus just somebody being careless.

jenkins.alice10h ago

Exactly, the "being careless" part is probably the biggest chunk of that 60%. Most data leaks come from someone leaving a laptop on a train or using a weak password, not some mastermind plotting to sell trade secrets. It's way more about human error than actual malice, which honestly makes the training problem even harder to fix.