Insider Threat
A security threat originating from a person with authorised access to organisational resources - an employee, contractor or business partner.
What is an Insider Threat?
An insider threat is a security risk arising from the actions of individuals who have legitimate access to an organisation’s systems, data and infrastructure. An insider may be a current or former employee, contractor, business partner or service provider - anyone who has been granted some level of access and trust.
Insider threats fall into three categories. Malicious insider - a person deliberately acting to harm the organisation, motivated by financial gain, revenge, ideological convictions or recruitment by a foreign intelligence service. Negligent insider - a person whose careless behaviour (clicking on a phishing link, sending data to a personal email address, losing a device) causes a security incident. Compromised insider - a person whose account or device has been taken over by an external attacker.
Insider threats are particularly difficult to detect because the insider uses legitimate access - they do not need to break through defences to reach confidential data. Insider Threat Programmes combine technical elements (DLP, UEBA, PAM, activity monitoring) with organisational measures (access reviews, need-to-know principle, security culture).
Why does it matter?
Insider-related incidents generate the highest average costs among all incident types because the insider already has access to the most valuable assets. Mitigating insider threat risk requires balancing security with employee trust - excessive monitoring can undermine morale, while too little can expose the organisation to losses.