Google Answers Logo
View Question
Q: IT security breaches - internal vs. external ( Answered 5 out of 5 stars,   2 Comments )
Subject: IT security breaches - internal vs. external
Category: Computers > Security
Asked by: cerebrate-ga
List Price: $5.00
Posted: 13 May 2002 04:52 PDT
Expires: 20 May 2002 04:52 PDT
Question ID: 15439
How many (absolute or percentage) network break-ins or other IT
security breaches are the result of internal attacks (employees,
former employees, etc.) as opposed to external attacks?

(If possible, please supply a source I can quote to a manager and
expect it to be understood.)

Clarification of Question by cerebrate-ga on 13 May 2002 04:59 PDT
Oops - I also meant to ask for break-ins specifically in small to
medium-sized companies, sub 500 users, if possible. If not, general
answers will do just fine.
Subject: Re: IT security breaches - internal vs. external
Answered By: juggler-ga on 13 May 2002 22:15 PDT
Rated:5 out of 5 stars
There are a variety of statistics on this issue. Here are some
selected quotes:

"According to the [FBI and the Computer Security Institute (CSI) 2001]
survey, twice as many respondents cited their Internet connection as a
more frequent point of attack as those who said assaults came from
within their internal systems." From:

Concerning the same FBI/CSI report:
"For the fifth year in a row, more respondents (74%) cited their
Internet connection as a frequent point of attack than cited their
internal systems as a frequent point of attack (33%)." From:

"Industry research indicates over 65% of all reported security
breaches occur from within the network, such as password security
leaks." From:

"Information breaches come equally from internal and external
sources... Five years ago, the ratio of inside to outside attacks was
70/30. Today, the ratio is about even, but the total number of attacks
has increased internally and externally as the availability of
automated attack tools has increased." From:

"Nearly 50 percent of the companies surveyed experienced attacks
against their Web servers from external sources in 2001, up from 24
percent in 2000, [according to a July-August 2001 Information Security
magazine survey]... Security threats from those inside the company
were more varied and frequent, but somewhat less serious, the study
found." See article at:

"[UK's  Department for Trade and Industry's annual Information
Security Breaches report] showed that 48% of large companies blame
their worst security incident on employees. By contrast, the 2001
edition of the survey showed that 75% of those questioned named
external hackers and criminals as the biggest threat to security."

"The problem of internal hacking (unauthorized access by authorized
users) consistently outweighs the problem of external hacking."[citing
NCSA Firewall Policy Guide Version 1.01]  From:

Search terms used: network security breaches internal external
Additional search terms: network "internal hacking" external 

I hope this helps.
cerebrate-ga rated this answer:5 out of 5 stars
Thanks muchly! Exactly what I was looking for.

Subject: Re: IT security breaches - internal vs. external
From: fly41-ga on 13 May 2002 05:10 PDT
 The following URL points to some research that was done on internal
attacks. The answer you need MAY be in there, but the file itselsf is
passworded! You need to be one of their clients to view it. You may
get a start from there though.
Good luck.

Subject: Re: IT security breaches - internal vs. external
From: passive-ga on 13 May 2002 07:12 PDT
Since I can't officially answer yet, I might as well provide you with
a little information.
Well, specifically, go here:
Fill out their form to get the full report.
And a good summation regarding your specific question (In the UK,

I remembered reading the latter article, and that brought me to the
Computer Security Institute, which has the report.

Hope this helps,

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  

Google Home - Answers FAQ - Terms of Service - Privacy Policy