An insider threat is a cybersecurity risk that originates from within an organization. It refers to the threat that an insider, such as an employee, former employee, contractor, vendor, or partner, will use their authorized access, intentionally or unintentionally, to do harm to the organization's mission, resources, personnel, facilities, information, equipment, networks, or systems. Insider threats can manifest in various ways, including violence, espionage, sabotage, theft, and cyber acts. There are three types of insider threats:
- Malicious insiders: These are people who take advantage of their access to inflict harm on an organization. They may attempt to steal property or information for personal gain or to benefit another organization or country. They may also plant malware or tamper with files or applications to disrupt business operations or leak sensitive data.
- Negligent insiders: These are people who make errors and disregard policies, which places their organizations at risk. They may fall for phishing attacks, bypass security controls to save time, lose a laptop that a cybercriminal can use to access the organization's network, or email sensitive information to individuals outside the organization.
- Infiltrators: These are external actors who obtain legitimate access credentials without authorization.

Insider threat is an active area of research in academia and government. Insider threats are the cause of most data breaches, and traditional cybersecurity strategies, policies, procedures, and systems often focus on external threats, leaving the organization vulnerable to attacks from within. Careless insider security threats occur inadvertently and are often the result of human error, poor judgment, or convenience. The primary focus of insider threat programs is to prevent deliberate and intended actions such as malicious exploitation, theft, or destruction of data or the compromise of networks, communications, or other information technology resources.