Categories of Insider Threat

All organizations are vulnerable to insider threats, whether it is a careless employee unintentionally clicking on a phishing email or a disgruntled staffer revealing classified information to a competitor. However, the harm from these threat actors can be substantial, from shaken consumer confidence to millions of dollars in lost IP investment.

Developed by INSA's Insider Threat Subcommittee, Categories of Insider Threats broadly characterizes the nature of insider threats facing organizations with common terms, in order to facilitate information-sharing and learning. Until now, no uniform lexicon existed to characterize the different types of insider threats. This lack of standardized terminology hinders development of best practices, as organizations often develop their own categories and terms. Using the Categories of Insider Threats will help organizations of all sizes facilitate sharing of insider threat program best practices and lessons learned.

Learn more about the Insider Threat Subcommittee.