The Types of Insider Threat

Monitoring people

The Types of Insider Threat Shocked when you discover you made a mistake

Insider Threat can be damaging to an organisation’s operations, profitability, and public image. While it can be a complex subject, there are three common types of insider threat:tion.

  1. Negligent
  2. Malicious
  3. Infiltrator

No matter which types your organisation is being affected by, they are all capable of gaining access to confidential information about the security practices, data, systems, and materials utilised by the organisation. These threats can come in the form of fraud, identity, information or material theft, or sabotage.

Let’s expand on each type of insider threat.

Stealing confidential informationNegligence

The majority of negative incidents involving employees, or third parties, are the result of well-meaning individuals making honest mistakes. This is why most organisations place such high value in training their employees. Training is a tool that aims to minimise the number of human errors that occur throughout any given organisational process. A well-trained and engaged employee is less likely to get things wrong or to act negligently.
Despite the efficacy of training programs, negligence remains the most common form of insider threat. As much as we may feel the consequences of the harm to our organisation, it is often done without any malicious intent.


The unfortunate truth is that not all harm is the result of honest mistakes. Malicious insiders have a distinct intent to exploit their trust and access to information in order to cause harm to an organisation. A malicious insider can be an employee, a former employee, a contractor, or a business partner.

In assessing malicious insider threats, we can learn quite a bit about the strengths and weaknesses of our own organisations. Many malicious insiders were at one point engaged with the business without any intent to do harm. However, something changed during the course of their time and career that led to them making a conscious decision to hurt the company. There are many sources of grievances, and they could stem from environmental changes at home, work, or in their personal lives. The proverbial “disgruntled employee” comes to mind in this situation.


The infiltrator is the least common but often most dangerous threat to an organisation. These are external impostors who somehow gain access credentials without being formally authorised.

If you’ve ever had your employee user access credentials compromised, or if you know someone that has, it is likely that it was done by an infiltrator. Essentially, an outside party has obtained credentials such as usernames and passwords and is using them to hurt the company. This could have been carried out through hacking, phishing, or other forms of corporate espionage.

You’ve probably heard of phishing, but if you don’t know what it is, it is a fraudulent practice of disguising one’s self as a reputable company through email correspondence. These emails are used to collect confidential personal information such as passwords and credit card numbers. A phishing email may even be disguised as your own organisation. For example, it may come across as your IT team looking to verify your username and password.

Common LanguageTime for something new

You may be noticing that I am using a lot of industry terminology and jargon and breaking it down into simpler terms. My intent is to focus on Common Language, which I believe to be of utmost importance these days, because it is so easy to get lost in jargon and marketing hype. When things become lost in translation of technical terms, they are more difficult to understand and thus more difficult to apply to individual situations.

A lack of common language can cause you to sign off on items and agreements that aren’t exactly clear to you or your organisation. This creates incongruent expectations and can lead to work being done the wrong way, disappointing to all parties involved. I am sure organisations would love if this if it worked in their favour and meant that employees went above and beyond to do more work than expected, but the reality of the situation is that this rarely happens. People don’t want to put in more work than they are being paid for, and that is understandable.

This is where the idea of common language comes into play. Before agreeing to terms or embarking on a major project, employees and organisations should ensure that they understand both the scope of the work and the expectations. They can do so by removing industry jargon and breaking down technical aspects into simpler language. This isn’t mean to be a patronising act, but rather one that seeks to thoroughly understand the work and assessments involved.

When it comes to insider threats, it is vital to utilise common language so that all parties involved with an organisation understand the severity and have an idea of how to prevent it. Many experts on insider threat see language as a common challenge across departments and industries. Organisations may not want to use harsh language that sounds accusatory, and employees may not want to mistakenly use terms that seem to implicate themselves, even if they have no intentions of doing harm. Because of these language gaps, the topic of insider threat is often murky and subjective, leading people to avoid it altogether.

This avoidance is the opposite of what an organisation wants. Instead of allowing this to happen, it is important to improve the language and narrative around insider threat to encourage more engagement on the topic. From there, organisations can make their employees more knowledgeable and prepare them more thoroughly to deal with insider threats. If they better understand the terminology, they will have the skills required to make informed decisions when faced with an insider threat situation.

This extends to management, as common language will help them to put together effective programs based on the requirements of their individual organisation. Settling for jargon and unclear instructions just means that insider threats will be more likely to pop up throughout the life of the organisation. Breaking things down into simpler, more universal terms will help managers and employees alike to identify insider threats in a more proactive manner.

I would welcome the opportunity to learn more about your experiences; have you found information that has been lost in translation because of the jargon? Where lies your frustration when it comes to information relating to insider threat or other risk management areas?

If you have found value in what we have shared, feel free to check out other blogs by the Unearth team and subscribe to our Newsletter. And if interested in the book ‘Risk Starts and Ends with People’ being released September 2021 then feel free to reach out to learn more or share your thoughts on the blog or any information we have provided, we would welcome hearing from you through




About the Author

Featured Posts

Unearth your organisation’s greatest defence against risk. Your people.