skip to main content


The cyberthreat landscape is packed full of exciting headlines – nation states, organized criminal groups, a Mr Robot character with incredible hacking abilities. The reality is peppered with more mundane threats, including those from within the organization.


  • The insider threat is not always malicious, with intent to harm.

Features and Benefits

  • Discusses the different types of insider threat.
  • Analyzes security controls covering technology, people, and process.

Key questions answered

  • What is the potential impact of the insider threat?
  • How can the insider threat manifest in the organization?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for technology vendors
  • Recommendations for enterprise service providers
  • Recommendations for enterprises

Threats originate within and beyond an organization and are not always malicious

  • Insiders have privileges that outsiders do not
  • What is an insider threat?
  • Outsider threats grab the headlines
  • Insider threats are often neglected

Insider threats can manifest themselves in different ways

  • The malicious insider
  • The sloppy insider
  • The unintentional insider

Organizations need to assess the risks presented by insider threats and apply security controls

  • Know the risks to determine the controls
  • Apply appropriate security controls


  • Methodology
  • Further reading
  • Author