What is an Insider Threat?

An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.

Recent insider threat statistics reveal that 69% say their organizations have experienced an attempted or successful threat or corruption of data in the last 12 months. Discover more Insider Threat Statistics.

Definition of an Insider

A current or former employee, contractor, or business partner who has or had authorized access to the organization’s network, systems, or data. Examples of an insider may include:

  • A person given a badge or access device
  • A person whom the organization supplied a computer or network access
  • A person who develops products and services
  • A person who is knowledgeable about the organization's fundamentals
  • A person with access to protected information

Definition of an Insider Threat

When an insider intentionally or unintentionally misuses access to negatively affect the confidentiality, integrity, or availability of the organization’s critical information or systems.

Your biggest asset is also your biggest risk. The root cause of insider threats? People. Yet most security tools only analyze computer, network, or system data.

Threats can come from any level and from anyone with access to proprietary data 25% of all security incidents involve insiders.[1]

Who Are Your Insiders?


  • Privileged users, such as IT team members and superusers
  • Knowledge workers, such as analysts or developers
  • Resigned or terminated employees
  • Employees involved in a merger or acquisition

Third Parties

  • Vendors
  • Contractors
  • Partners

Types of Insider Threats:

According to IBM, there are two major types of insider threats: malicious and inadvertent.


    Common Goals:

    • Sabotage
    • Intellectual property (IP) theft
    • Espionage
    • Fraud (financial gain)


    Common Situations:

    • Human error
    • Bad judgment
    • Phishing
    • Malware
    • Unintentional aiding and abetting
    • Stolen credentials
    • Convenience

    Insider Threat Statistics:

    One-third of all organizations have faced an insider threat incident.[2] The rest probably just don’t know it yet.


    of incidents where private or sensitive information was unintentionally exposed[3]


    of incidents where employee records were compromised or stolen[3]


    of incidents where customer records were compromised or stolen[3]


    of incidents where confidential records (trade secrets or intellectual property) were compromised or stolen[3]

    Decrease your risk immediately with advanced insider threat detection and prevention.

    Who is at Risk of Insider Threats?

    • Financial Services
    • Telecommunications
    • Technical Services
    • Healthcare
    • Government

    How to Stop Insider Threats

    To stop insider threats–both malicious and inadvertent–you must continuously monitor all user activity and take action when incidents arise.

    The potential risks of insider threats are numerous, including installing malware, financial fraud, data corruption, or theft of valuable information. To counteract all these possible scenarios, organizations should implement an insider threat solution with 6 key capabilities:

    Detect Insider Threats

    Uncover risky user activity by identifying anomalous behavior.

    Investigate Incidents

    Investigate suspicious user activity in minutes—not days.

    Prevent Incidents

    Reduce risk with real-time user notifications and blocking.

    Protect User Privacy

    Anonymize user data to protect employee and contractor privacy and meet regulations.

    Satisfy Compliance

    Meet key compliance requirements regarding insider threats in a streamlined manner.

    Integrate Tools

    Integrate insider threat management and detection with SIEMs and other security tools for greater insight.

    Are you ready to decrease your risk with advanced insider threat detection and prevention? Let us walk you through our Proofpoint Insider Threat Management and answer any questions you have about Insider Threats.

    Insider Threats FAQs

    How many potential insider threat indicators are there?

    Any user with internal access to your data could be an insider threat. Vendors, contractors, and employees are all potential insider threats. Suspicious events from specific insider threat indicators include:

     - Recruitment: Employees and contractors can be convinced by outside attackers to send sensitive data to a third party.

     - Voluntary: Disgruntled and dissatisfied employees can voluntarily send or sell data to a third party without any coercion.

     - Unknowing: Due to phishing or social engineering, an individual may disclose sensitive information to a third party.

    What advantages do insider threats have over others?

    Because insiders have at least basic access to data, they have an advantage over an external threat that must bypass numerous firewalls and intrusion detection monitoring. The level of authorized access depends on the user’s permissions, so a high-privilege user has access to more sensitive information without the need to bypass security rules.

    What is not considered a potential insider threat?

    External threats are definitely a concern for corporations, but insider threats require a unique strategy that focuses on users with access, rather than users bypassing authorization. Attacks that originate from outsiders with no relationship or basic access to data are not considered insider threats. Note that insiders can help external threats gain access to data either purposely or unintentionally.