A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates.
An insider threat specifically refers to the malicious aspect of insider risk, where trusted individuals intentionally abuse their authorized access to harm the organization. According to Verizon's 2024 DBIR, 28% of data breaches are driven by human errors, while malicious insider incidents cost organizations significantly more than external attacks. This can include stealing intellectual property, committing fraud, selling sensitive data, or sabotaging systems. Ponemon Institute's 2025 research indicates that malicious insider incidents take an average of 91 days to contain, making early detection critical.
The potential for harm to an organization from people who have authorized access to its assets, including employees, contractors, and business partners.
A user account that has been granted administrative privileges to access systems, applications, or data beyond what is available to standard users.