The use of information and communication technologies in business has opened several new ways for employees to commit cybercrimes against their employers. Utilizing opportunity theory, the current paper investigates the characteristics of businesses victimized by employee-committed cyberattacks and compares insider- and outsider-committed cybercrime in terms of the damage they cause to the business. We used online sampling to obtain information on 350 businesses in the Commonwealth of Virginia, revealing 29 outsider cases and 17 insider attacks that were clearly identified. We found that insider attacks were more costly, resulting in more damage than external attacks; the most frequent attack type was impersonating the organization online for insiders, and viruses, spyware, and malware for outsiders. Our data suggested restricting personal devices, making cybersecurity a priority, cybersecurity updates among management, and employee training do not significantly lessen the risk or mitigate the effects of insider attacks. We suggest that organizational security culture must be refined and strengthened to identify and prevent insider attacks successfully.

信息和通信技术在商业中的使用为员工针对雇主实施网络犯罪开辟了多种新途径。本文利用机会理论，研究了受到员工网络攻击的企业的特征，并比较了内部和外部网络犯罪对企业造成的损害。我们通过在线采样获取了弗吉尼亚州 350 家企业的信息，发现了 29 起已明确识别的外部案件和 17 起内部攻击事件。我们发现内部攻击比外部攻击成本更高，造成的损害更大；最常见的攻击类型是针对内部人员在线冒充组织，针对外部人员则冒充病毒、间谍软件和恶意软件。我们的数据建议限制个人设备，将网络安全作为优先事项、管理层的网络安全更新和员工培训并不能显着降低风险或减轻内部攻击的影响。我们建议必须完善和加强组织安全文化，以成功识别和防止内部攻击。