What is an Insider Threat?

An insider threat happens when someone who is close to an organization, and who has authorized access, misuses that access to negatively impact the organization’s critical information or systems.
US-CERT: Insider Threat

69% say their organizations have experienced an attempted or successful threat or corruption of data in the last 12 months.

Source: Accenture

Definition of an Insider

A current or former employee, contractor, or business partner who has or had authorized access to the organization’s network, systems, or data.

Definition of an Insider Threat

When an insider intentionally or unintentionally misuses access to negatively affect the confidentiality, integrity, or availability of the organization’s critical information or systems.

Your biggest asset is also your biggest risk.

The root cause of insider threats? People.

Yet most security tools only analyze computer, network, or system data.

To stop insider threats, both malicious and inadvertent, you must continuously monitor all user activity and take action when incidents arise.

Threats can come from any level and from anyone with access to proprietary data

25% of all security incidents involve insiders.

Source: Verizon DBIR 2017

Who are your insiders?


  • Privileged users, such as IT team members and superusers
  • Knowledge workers, such as analysts or developers
  • Resigned or terminated employees
  • Employees involved in a merger or acquisition

Third Parties

  • Vendors
  • Contractors
  • Partners

There are two major types of insider threats: malicious and inadvertent.

Source: IBM


Common Goals:

  • Sabotage
  • Intellectual property (IP) theft
  • Espionage
  • Fraud (financial gain)


Common Situations:

  • Human error
  • Bad judgment
  • Phishing
  • Malware
  • Unintentional aiding and abetting
  • Stolen credentials
  • Convenience

One-third of all organizations have faced an insider threat incident.

Source: SANS

The rest probably just don’t know it yet.

In 50% of incidents, private or sensitive information was unintentionally exposed.

In 40% of incidents, employee records were compromised or stolen.

In 33% of incidents, customer records were compromised or stolen.

In 32% of incidents, confidential records (trade secrets or intellectual property) were compromised or stolen.

Source: 2016 U.S. State of Cybercrime Report, CSO Magazine

Decrease your risk immediately with advanced insider threat detection and prevention.

Who is at Risk

  • Financial Services
  • Telecommunications
  • Technical Services
  • Healthcare
  • Government

How to Stop Insider Threats

Detect Insider Threats

Uncover risky user activity by identifying anomalous behavior.

Investigate Incidents

Investigate suspicious user activity in minutes—not days.

Prevent Incidents

Reduce risk with real-time user notifications and blocking.

Protect User Privacy

Anonymize user data to protect employee and contractor privacy and meet regulations.

Satisfy Compliance

Meet key compliance requirements regarding insider threats in a streamlined manner.

Integrate Tools

Integrate insider threat detection with SIEMs and other security tools for greater insight.
