This post is also available in: heעברית (Hebrew)

Internal personnel are the largest security threat to a firm, according to a recent research, with IoT devices being the most vulnerable. Even during the Corona era, when many workers moved to work from home on hybrid or full-scale models, internal cyber threats were still a global concern, with IoT devices being among the more vulnerable.

The threat of internal cyberattacks, from suppliers or employees, continues to be a global concern, with IoT devices being especially vulnerable.

Employees can also pose risks by distributing or deleting sensitive information maliciously, and more. A recent study conducted by the Phonmon Institute, published as Proofpoint’s global report on the cost of internal threats, showed that internal threats have increased both in terms of frequency and economic costs in the last two years. In a report released this year, over 1,000 IT professionals around the world responded to a survey relating to cyber security incidents caused by internal threats.

According to the survey, 63% responded that they were concerned about the loss of sensitive information caused by unmanaged IoT devices, 52% were concerned about the cloud, and 51% were concerned about the network. It was found that threats have increased by 44% in the last two years, with costs reaching over a third of a million dollars and up to 15.38 million dollars per incident.

According to, the increase in prices is due to the longer time it takes organizations to contain such incidents, a process that takes between 77 and 85 days. On an annual basis, the organization spends over $ 17 million on incidents that last longer than 90 days.

As found in the report, while employee negligence was responsible for 56% of the attacks, malware accounted for 26% of the attacks, but was more expensive for companies per incident. Apparently, the more access employees have to work outside the office, the harder it becomes to identify malicious threats.