Dominic Trott (Research Director, European Security & Privacy)

Six years after the Snowden revelations, insider threats still preoccupy the thoughts of European security decision makers. After ransomware and malware — the two most commonly seen vectors for breaches — malicious insiders are the threats that European enterprises are most concerned by.


With thermometers hitting record levels all across Europe, it is the perfect time to take the temperature of the region’s security market. One of the hottest findings from this year’s European security survey, which gathered the insights of 700 security decision makers from across the region, relates to the interplay between the threat vectors enterprises fear and the vectors through which they have suffered breaches.

Perhaps unsurprisingly, it is ransomware and malware that enterprises are most concerned about. These threat vectors are cited as a concern by 74% and 73% of respondents respectively, following on naturally from the finding that these are the two attack types that have been suffered most in the past two years (by 43% and 42% of respondents in turn). However, when we look at the next most cited concern (and the next most frequently suffered attack), there is a bit of a surprise: instead of phishing or unwitting insiders (i.e., poor security hygiene), it is malicious insiders — cited by 70% of respondents as a concern, and with 33% of respondents suffering attacks through this vector.

This focus on malicious insiders is an interesting development given the imbalance between the degree of concern and the frequency of impact. While malicious insider threats are cited as a concern by just a fraction fewer respondents than ransomware and malware, there were considerably fewer attacks through this vector in the past two years. This suggests that, while malicious insider attacks may occur less frequently than ransomware and malware attacks, their impact may be higher.

Here, we need to consider the motivation behind these attacks. For ransomware, in particular, the motivation may simply be to cause distraction and damage to the subject of the attack. However, malicious insider attacks come from two primary sources: on one hand, they may be launched by disgruntled employees seeking to cause embarrassment and reputational damage; on the other, they may be initiated by malicious third parties who have either compelled or incentivised employees to launch specific attacks on potentially high-value targets.

So, what is to be done to resolve this challenge? IDC has three key recommendations.

  • First, technologies are available to help deal with this. For example, more analytics-based products focusing on pattern and anomaly detection can help to detect unusual, suspicious and unwanted behaviour.
  • Second, better integration between security products can elevate them to become more than merely the sum of their parts. This helps, for example, to share threat intelligence between different protection layers to encourage faster, more accurate responses.
  • Finally, and most importantly, enterprises must focus on launching security education and awareness initiatives. Helping employees in general to understand the importance of security and to establish security hygiene as part of “business as usual” is critical in establishing a culture and environment that is secure by design. In this way, ransomware, malware and insider attacks are less likely to affect the enterprise in the first place if security can, in effect, “recruit” the workforce to work on its behalf.






If you want to learn more about this topic or have any questions, please contact Dominic Trott or head over to and drop your details in the form on the top right.