Most of the leaks come from outside the organization, and cyber attacks against small and medium-sized enterprises (SMB) are still ongoing. Some people believe that hackers are actively targeting these smaller companies because they believe that SMEs lack sufficient resources and enterprise-level security tools, so they are more likely to be targeted than large companies.
For details, please refer to the below link: