IT budgets are ballooning to combat what corporations see as their greatest threat: faceless, sophisticated hackers from an outside entity. The number of reported data breaches continues to blitz U.S. companies, with over 6 million records exposed already this year, according to the Identity Theft Resource Center.
About 50 percent of all security incidents (any event that compromises the confidentiality, integrity or availability of an information asset) are caused by people inside an organization, according to Verizon’s 2015 Data Breach Investigations Report.
Roughly 20 percent are considered insider misuse events, where employees could be stealing and/or profiting from company-owned or protected information, while about 30 percent of all cases are due to worker negligence, like delivering sensitive information to the wrong recipient or the insecure disposal of personal and medical data.
“The Insider Misuse pattern shines a light on those in whom an organization has already placed trust. They are inside the perimeter defenses and given access to sensitive and valuable data, with the expectation that they will use it only for the intended purpose. Sadly, that’s not always the way things work,” Verizon said in the report.
For the first time since 2011, the Verizon report found that “insider” end users (essentially anyone at a company other than an executive, manager, finance worker, developer or system administrator), and not only cashiers, carry out the majority of such acts and are involved with most insider attacks.
“Criminals have a different motivating factor. There are a number of jobs that pay minimum wage where individuals have access to this type of information, and so the incentive may be ‘this isn’t a job that is paying me enough to support myself,’” said Eva Velasquez, CEO and president of the Identity Theft Resource Center, a non-profit charity that supports victims of identity theft.
The industries hit hardest by insider incidents in 2015 were the public sector, health care and financial services (like credit card companies, banks, and mortgage and lending firms), according to the Verizon report.
According to the Identity Theft Resource Center, insider jobs in hacking tend to peak during recessions and drop off when times are good. It notes that while the number of breaches and hacks by outsiders has skyrocketed since 2007 in tandem with the surging digitization of information, the percentage of insider attacks hit a high of roughly 17 percent, after a three-year slide, in 2009.
“When the economy isn’t doing well, you’ll see people that are feeling stressed and taking advantage of opportunities they might not take advantage of otherwise,” said attorney James Goodnow from the Lamber Goodnow team at law firm Fennemore Craig.
“As business processes have started to rely more on information and IT, the temptation, the desire is to give people access to everything [because] we don’t want to create any friction for users to do their jobs,” said Robert Sadowski, director of marketing and technology solutions at security firm RSA.
For Kate Borten, founder of Marblehead Group consultancy and a member of the Visual Privacy Advisory Council, the focus is on preventing the display of sensitive data in plain sight, such as an employee seeing a confidential record as they walk by a colleague’s computer. A clean desk policy, which ensures that workers file away papers containing customer data before they leave their desk, can be a solution for this, she claims. She adds that other solutions are switching to an e-faxing system, which eliminates the exposure of sensitive patient data on paper that’s piled up around traditional fax machines, and implementing inactivity timeouts for any tech devices.
(Adapted from CNBC)









