From the Introduction: "Some of the most damaging cybersecurity threats do not originate from malevolent external actors, but from organizational insiders and third parties, whether malicious or negligent. One high-profile recent report attributes more than 50 percent of security incidents to insider threats, while 28 percent of data breaches are insider driven. However, these figures likely reflect the low end of how damaging insiders can be to an organization, as organizations often do not disclose insider actions externally. [...] To reduce the risk from insider threats, organizations need to turn security inside out, building a strong security culture with organization-wide collaboration and employee buy-in. The following report describes the threat posed by insiders, highlights the importance of physical security personnel cooperating with information technology (IT) teams, and advocates a three-pillared approach based on deterrence, detection, and mitigation."
Overseas Security Advisory Council: https://www.osac.gov/