Insider threats refer to cybersecurity risks that originate from within an organization, and they can manifest in various ways, including violence, espionage, sabotage, theft, and cyber acts. Insider threats can be intentional or unintentional, and they can come from employees, contractors, business partners, or other insiders with authorized access to an organizations systems, data, or facilities. Insider threats can be classified into three categories: malicious insiders, negligent insiders, and infiltrators. Malicious insiders intentionally misuse their access to harm an organization, while negligent insiders create security threats through ignorance or carelessness. Infiltrators are external actors who obtain legitimate access credentials without authorization.

Insider threats are a significant concern for organizations, and they can cause data breaches, compromise confidentiality, availability, and integrity of enterprise systems and data. Insider threats are executed in part or in full by fully credentialed users, making it difficult to separate careless or malicious insider threat indicators or behaviors from regular user actions and behaviors. Organizations must tackle insider threats with at least as much rigor as they do external threats.

To mitigate insider threats, organizations can establish insider threat mitigation programs that define insider threats, identify potential insider threats, and implement measures to prevent, detect, and respond to insider threats. These measures can include access controls, monitoring and auditing, employee training and awareness, and incident response plans. Insider threat research is an active area of research in academia and government.