Insider threats: types, warning signs and examples

Eftsure   |   May 22, 2024
Insider threats: types, warning signs and examples

Written by Shanna Hall from Eftsure

When it comes to security threats and fraud risks, we often talk a lot about hackers and people outside of businesses breaking into companies’ networks to steal information and data – but a very, very real threat lies within every single organisation.

Threats from employees and other trusted insiders are on the upswing, and businesses need to safeguard against them. Let’s look at the different types of insider threats and the warning signs you should be considering.

What is an insider threat? Defined

An insider threat is exactly what it sounds like – a security risk inside your organisation. It could be a disgruntled or compromised current or former employee or a business partner or associate who misuses legitimate access to your network.

However, not all insider threat incidents are deliberate – in fact, the most common insider threats come from employees who unintentionally provide access to cybercriminals.

Insider threat statistics

The insider threat is increasing, with 74% of businesses reporting more frequent insider threat cases in 2023 than in previous years, and 48% of businesses believing insider threats are more difficult to detect and prevent than external cyber attacks.

Different types of insider threats

While there are several subsets of insider threats, they fall into two categories – malicious and unintentional.

Intentional insider threats

Otherwise known as a malicious insider threat, this type of insider threat involves deliberate efforts to exploit an employee’s proximity to organisational processes and information. In these cases, an employee, contractor or third-party business uses legitimate credentials to access – or facilitate access to – sensitive and confidential information with malicious intent, which is what we saw in the case of the National Maritime Museum.

The motivation for a malicious insider attack can vary. For example, it could be a disgruntled employee who wants to sabotage the business to get even for a perceived lack of recognition or reward, or a former employee who feels unjustly treated.

Malicious insiders are incredibly dangerous as they have an advantage over external attackers, given their knowledge of a company’s security policies and procedures – and, as a result, its areas of weakness.

Compromised insider

One subset of malicious insider threats involves criminal coercion. For example, an employee or other person with access may be paid, bribed or blackmailed to provide access to hackers, competitors or nation-state actors to cause business disruption, leak customer information, and steal intellectual property and other confidential information.

This can also happen through credential theft, wherein cybercriminals steal the username and password of a targeted individual. They can accomplish this by using tactics like phishing or malware, tactics that artificial intelligence (AI) is helping them turbo-charge.

Research from Ponemon and Proofpoint indicates that credential theft is on the rise, with incidents doubling since 2020 and costing an average of $670,600 per incident.

Don't miss our upcoming webinar about how to safeguard your company against increasingly complex cyber fraud tactics. Register now

Unintentional insider threats

Human error accounts for 90% of cyber attacks, and unintentional insider threats are the primary risk for businesses when thinking about insider threats.

Unintentional insider threats aren’t deliberate or malicious, but they account for the vast majority (87%) of insider attacks. Typically they result from negligent or accidental behaviour.

Examples of negligent insider activity

Negligent insiders don’t necessarily have malicious intent – however, through carelessness or maybe even a flagrant disregard for security procedures or protocols, they create opportunities for unauthorised access.

Negligent insiders may misplace or lose a company laptop or storage device, ignore software updates and patches, or not follow multi-factor authentication requirements.

To illustrate, research shows that around 50% of people give family and friends access to work-issued devices.

Examples of accidental unintentional insider threats

An accidental unintentional insider threat comes from an insider making a genuine mistake. For example, clicking on a malicious link, inadvertently infecting the business’s systems, or sending confidential or sensitive information to an incorrect email address.

How do you spot malicious insider threats?

Insider threats can be difficult to detect, given that access to sensitive information and systems is genuine – however, there are some things to be on the lookout for.

Key signs that might point to a malicious insider

  • Accessing systems at unusual times. If, for example, an individual accesses your network remotely late at night or on weekends, it could be a sign of a malicious insider.
  • Data transfer levels. Unusual levels of information being downloaded or transferred should be investigated.
  • Activity type. If an individual is accessing information they shouldn’t be or shouldn’t need to, it could point to a malicious insider.
  • Disgruntled employees. Employees who have, for example, been recently disciplined, not selected for a promotion or a salary increase, or otherwise feel unfairly treated, may be tempted to seek revenge on their employer.
  • Stressed employees. Similarly, employees who are experiencing financial stress or hardship may be tempted by or vulnerable to approaches to provide unauthorised access to a business’s systems.

Insider threat risk – it’s a people and culture issue, too

Cyber security is a company-wide responsibility, and people and culture (that is, HR) departments have a critical role to play. From ensuring everyone within the organisation is conscious of and is prioritising cyber security to minimise unintentional cyber threats, to the early identification of people who may pose a malicious insider threat, people and culture can play a key role in helping reduce the insider threats a business faces.

In summary

  • Insider threat cases are increasing, and are considered more difficult to prevent than external attacks.
  • Malicious insider threats are extremely dangerous, not to mention challenging to detect and prevent. Employees need access to systems and networks, but this creates vulnerabilities that can be exploited.
  • Unintentional insider threats are often the byproduct of a lack of awareness and care, and need to be addressed culturally, as well as through the training and communication component of an insider threat program.
  • By taking positive steps to understand your business’s critical assets and the protections in place around them, businesses can begin to tackle the very real risks that come from insider threats.

Don't wait for a costly cyberattack. Secure your supply chain today!

Register for the FREE Eftsure Supply Chain Security Webinar.

Eftsure is Australia's market leader in payment fraud prevention. Specifically designed for businesses, Eftsure's end-to-end solution safeguards more than $216b in B2B payments per year. Eftsure's mission is to build a safer business community. With a large and continuously growing database of verified supplier details (the only one of its kind), Eftsure uses multi-factor verification to give businesses greater knowledge and control over onboarding suppliers, receiving invoices and making payments. In short, Eftsure ensures our customers never pay the wrong people.

Related Articles

Technology, Risk mitigation
Webinar recap: Billions at risk - Sleeping security threats lurking in your supply chain


It was a great pleasure to host Gavin Levinsohn, Chief Growth Officer at Eftsure, as he presented to our audience an insightful and informative session about the growing rate of cybercrime and risks exposed to your organisation and supply chain. 

Gavin’s presentation was brought to life with real case studies and examples, highlighting the fact the threat of cybercrime is a real and a good strategy is essential to keep your employees knowledgeable and your organisation safe. As Gavin explains in his webinar, a good cybercrime strategy is broader than Felix and Eftsure but the tools we offer are key components in that journey. 

Risk mitigation
From chaos to control: Mastering the art of vendor onboarding


Vendor onboarding is more than just getting a new supplier up to speed. It's the foundation for a successful, long-term relationship that fuels your supply chain efficiency and delivers value to your bottom line.

In this article, we'll explore strategies to overcome common challenges, leverage technology for efficiency, and continuously improve your approach.

Felix News
Webinar recap: Product Showcase March 2024

On 19 March we hosted our third webinar in the series – Evolving Felix, a Product Showcase. 

Let's stay in touch

Get the monthly dose of supply chain, procurement and technology insights with the Felix newsletter.