I have no idea whether outsiders or insiders are responsible for more losses, and while the topic is somewhat interesting, it seems to me to be something of a marketing-generated distraction.
I’ve worked in environments where I am absolutely certain that insiders were the predominant threat, in environments where they probably were, and in environments where they probably were not. In no case would I have been able to conclude this from criminal prosecution data, which is what one report relies on to support it’s conclusions.
My point is that regardless of what the aggregate “threat landscape” looks like, there is no substitute for knowing your own environment, and for proper threat modeling and countermeasures.
[The image is part of a screenshot from infosecdaily.net, circa February 22, 2005]