Security Process
Security Personnel
04 People Risk

Understand the Risk People Pose to Your Organisation

People are often said to be an organisation's greatest asset, but they can also be a weakness. Insider threats come from current and former employees, contractors, or business partners who may misuse their knowledge or access to harm people, customers, assets, or reputation.

An 'insider threat' is any person who exploits, or intends to exploit, their legitimate access to an organisation's assets to cause harm, either wittingly or unwittingly, through espionage, unauthorised disclosure of information, or degradation of a resource or capability.

Studies show that most insiders who breach security usually had no malicious intent when they began working. They may become apathetic or 'go bad' due to later events.

Common Ways an Insider May Breach Security

Common insider acts include:

  • Unauthorised disclosure of official, private, or proprietary information
  • Fraud, process corruption, or economic/industrial espionage
  • Theft, violence, or physical harm to others

Common Reasons an Insider May Breach Security

Insiders are usually motivated by a mix of factors and pressures, such as:

  • Revenge against an employer or colleagues
  • Fear of job loss
  • Greed or financial gain
  • Political or religious ideology
  • Ego or notoriety
  • Coercion or manipulation from a third party

Investigations often find a pattern of past security-related behaviour. In some cases, individuals have been flagged by previous managers.