Aon | Professional Services Practice
“The call is coming from inside the house” - Professional Service Firms and Insider Cyber Threats
Release Date: September 2025
Costly insider threats are a growing challenge for professional service firms. These betrayals can be motivated by a variety of circumstances, and mitigating the risk requires a sophisticated, multi-faceted approach to risk management.
Key Takeaways
- Insider events are among the least frequent, but one of the most costly types of cyber events
- The reputational impact of an insider event is potentially one of its most damaging aspects, but an event can also trigger statutory notifications for compromise of regulated data (PII and PHI), client litigation and class action lawsuits, all of which add to the potentially devastating cost
- Motivations vary, but the vulnerability is the same – a trusted individual who betrays the firm
Why Would They Betray Us?
Insider threats can be driven by a variety of motivations:
- Personal Gain – e.g. a departing employee steals information that will be valuable to them in their new role.
- Retaliation / revenge – e.g. an employee who believes they were treated badly steals information that will harm the firm’s reputation, upset a client or trigger legal and regulatory costs.
- Ideological beliefs – e.g. the “John Doe” behind the Panama Papers, who was interviewed by the ICIJ in 2022 and identified himself as a whistleblower, citing the use of shell companies by authoritarian regimes as motivation.
- Tradecraft – e.g. an employee is manipulated by an external actor to steal information for reward, under extortion, or for supposedly beneficial or principled reasons; or it may be a foreign state employee who has covertly secured a trusted position in the organization.
Motivation is most frequently associated with a decision to leave the firm. The impetus to jump ship can be driven by a variety of factors, many of which are currently at play in the professional services environment:
- Return to office policies, particularly when stricter for some groups (e.g. support staff) than others
- Job uncertainty, particularly from adoption of AI
- Layoffs and restructuring
- Mergers & Acquisitions
- Leadership decisions that don’t align with the values of the individual employee
A 2024 article in Law.com highlights some of these issues and predicts an acceleration of turnover in the legal sector.
A Stab in the Back is Worse Than a Punch in the Face
“The impact of insider risks extends beyond a data breach—it undermines trust and can irreparably harm your reputation.”
Marshall Heiman, CEO DTEX Systems
The Ponemon/DTEX 2025 Cost of Insider Risks Global Report highlights the increasing complexity and cost of insider threats. While the frequency of insider incidents does appear to have decreased, potentially because of substantially increased investment in security controls, fifty-seven percent of companies are still experiencing between 21 and more than 40 incidents per year. Despite bigger investments in insider risk management, nearly half of respondents (45%) still said the level of funding is inadequate. The IBM Ponemon Cost of a Data Breach Report 2025 emphasizes the difficulty in detecting malicious insider threats, showing that they have the second highest time to resolve of any type of attack, at 260 days.
Aon’s own CyQu Evaluation questionnaires reveal that most professional service firms have Data Loss Prevention technologies in place, but these are almost always in monitoring mode only; the typical reasoning being that having “blocking mode” enabled causes too much friction in employees’ workflow.
And More Expensive
The Ponemon/DTEX Cost of Insider Risks Global Report 2025 reports that the average annual cost of insider risks has risen to $17.4 million. Insiders can target the most valuable information and are harder to detect, making their actions much more damaging and increasing the cost of investigation and response.
The reputational impact is potentially one of the most damaging aspects of an insider event. Other possible impacts such as loss of clients, client litigation, statutory notifications for compromised regulated data (PII & PHI) and class action lawsuits can add to the devastating costs associated with an insider event.
The fallout, particularly from “bad leaver” incidents, can include contagion: the increased uncertainty precipitates additional departures and the associated bad leaver activity.
Manage the Risk... Without Making it Worse
Effective management of insider risks requires a sophisticated, multi-faceted approach. Organizations must combine advanced detection technologies, continuous monitoring, and a strong emphasis on employee training and awareness.
At the same time, intense scrutiny and heavy-handed security can have a counter-productive effect. Employees may feel that they are not trusted, find it harder to do their job, and worry that the increased security and scrutiny is a precursor to change.
The Ponemon/DTEX report outlines a framework for measuring the full cost impact of insider-related incidents, focusing on both internal cost impacts and external effects of events or attacks.
Conclusion
The current economic, technological and political environments are creating an atmosphere of uncertainty for many employees in professional service firms. This is fertile ground for insider threats, which is evident in the statistics in the reports cited above, showing the increased frequency and severity of such incidents.
Insider threats represent a significant, evolving and growing challenge for professional service firms. This in turn underlines the need for broad, proactive strategies to help manage insider risks. At the same time, an insider threat is a human response and is the product of a combination of forces that shape individual behavior, to the point that overly aggressive action to “control an issue” can itself turn into a contributory factor.
Ponemon/DTEX Cost of Insider Risks Global Report 2025 reports these key findings:
- The cost of insider threats, both inadvertent and malicious, has risen 7.4 percent over the last two years, with the average cost per incident up from $16.2 million to $17.4 million globally.
- Common reasons insiders act out include financial gain, convenience (e.g. using unauthorized AI tools to facilitate workflow), professional grievances and nationalism.
Reducing the human factor risk starts with talent management, including talent screening and selection, talent development and retention, and talent assessment. Aon has a comprehensive suite of advisory services and tools to help firms manage, motivate and retain talent and thereby reduce the risk profile associated with human risk.
Contact
The Professional Services Practice at Aon values your feedback. To discuss any of the topics raised in this article, please contact Brendan Groarke.
Brendan Groarke
Managing Director
New York
About Aon
Aon (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that help protect and grow their businesses.
©2025 Aon plc. All rights reserved.
Aon is not a law firm or accounting firm and does not provide legal, financial or tax advice. Any commentary provided is based solely on Aon’s experience as insurance practitioners. We recommend that you consult with your own legal, financial and/or insurance advisors on any commentary provided herein. All descriptions, summaries or highlights of coverage described herein are for general informational purposes only and do not amend, alter or modify the actual terms and conditions of any relevant policy. Coverage is governed only by the terms and conditions of such policy. Insurance coverage in any particular case will depend upon the type of policy in effect, the terms, conditions and exclusions in any such policy, and the facts of each unique situation. No representation is made that any specific insurance coverage would apply in the circumstances outlined herein. Please refer to the individual policy forms for specific coverage details.
The information contained in this document and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity.
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates.
