What Is an Insider Threat in Cyber Security?

An insider threat in cyber security originates from someone who works in your organization or has inside access to your networks, such as a vendor, client or former employee.

Insider threats account for an estimated one-third (33 percent) of all cyber attacks. This type of threat is becoming a growing concern, increasing as much as 47 percent over the last couple of years. Recent cybersecurity surveys show that 66 percent of organizations consider insider attacks to be more likely than external ones.

Insider threats can be broken down into two categories: intentional and unintentional. Intentional insider threats primarily come from employees who feel they’ve been wronged in some way. They might leak sensitive information, harass associates, sabotage equipment or even perpetuate violence against those they’ve perceived to have been malicious towards them. 

Unintentional insider threats happen through negligence or by accident. Negligent threats come from employees who might not follow common security protocols, including not using multi-factor authentication (MFA), allowing someone to piggyback through a security point, ignoring messages to install new updates and security patches, or even using insecure public Wi-Fi. An accidental threat comes through an employee who may mistype an email address and accidentally sends a sensitive business document to a competitor, or inadvertently click on a hyperlink, opening an attachment that contains a virus within a phishing email.