The so-called insider threat is more likely to be an accident than a malicious attack, according to IDC research.
More than half (52 per cent) of organisations described their insider threat incidents as most likely to be accidental, according to a survey. Just the 19 per cent believed that incidents were mostly deliberate.
IDC warned companies against making malicious insider attacks their priority, as accidents could be more damaging.
Insider risk is where employees are the cause of damage to a company because of access to confidential data or important IT systems.
The RSA-sponsored survey also said that 82 per cent of decision makers didn't know whether incidents involving contractors were more likely to be accidental or deliberate.
"One of the key challenges a lot of these organisations have when they are dealing with contractors or temporary employees is that you have to give them access to systems," said Chris Young, senior vice president for RSA products, speaking to IT PRO.
"But when they leave, it's not always so simple in terms of revoking access or credentials, because of the number of systems these people might get access to over the course of engagement with an organisation."
In the past 12 months the 400 respondents admitted to 6,244 incidents of data loss, as well as 5,830 malware or spyware attacks from within the enterprise.
The total number of security incidents was 57,485, with 40 per cent of businesses planning to increase spending this year.
