Inside the Growth of Insider Threats

Navigating the risks fueled by unintentional and malicious employee acts.


Insider risk has become one of the most pressing cybersecurity challenges. Unlike an external attacker, who must first obtain credentials or a foothold, insider risk is woven into daily workflows. It most often results from employee negligence, such as sending sensitive data through email, uploading information to personal cloud storage, or using unsanctioned SaaS or GenAI tools.

To better understand how organizations are adapting, Fortinet recently released its 2025 Insider Risk Report, which reveals that while insider-driven data loss is now commonplace, many organizations have not evolved their approaches to address it. Key findings include:

  • 77 percent of participating organizations experienced insider-related data loss over the last 18 months, with 21 percent reporting more than 20 incidents during that period. For many, insider incidents are not isolated events but recurring issues.
  • The majority of incidents (62 percent) stemmed from human error or compromised accounts rather than intentional misconduct.
  • 72 percent of responding security leaders admit they lack full visibility into how users interact with sensitive data across endpoints, SaaS applications, and GenAI tools.
  • Customer records (53 percent), personally identifiable information (47 percent), business-sensitive plans (40 percent), user credentials (36 percent), and intellectual property (29 percent) were the leading types of data loss.

A collection of industry experts recently offered their take on the report and the ongoing challenges posed by insider threats.

Dr. Margaret Cunningham, Vice President of Security & AI Strategy at Darktrace

"The modern insider threat landscape is shaped by a convergence of global pressures—economic instability, workforce reductions, and accelerated AI adoption. These forces are placing heightened emotional, financial, and ethical strain on employees.

"Every day, organizations face a spectrum of insider risk, from accidental missteps to deliberate sabotage. The high-profile cases we see in headlines are real and damaging, but they’re relatively rare. 

"The daily reality is far more mundane: employees forwarding files to personal accounts, bypassing controls to meet deadlines, or uploading sensitive data into unsanctioned AI tools. These 'tiny crimes' are normalized behaviors that, at scale, create significant organizational risk.

"Insider threats can come from anyone with legitimate access to systems or data. Nearly every person within an organization has some characteristics associated with insider risk—whether because they have direct access to critical systems or data, or as a result of leveraging shadow IT tools on their own. 

"The modern landscape also includes synthetic insiders—AI-powered impersonations that exploit human trust with startling realism. With AI-generated voices, deepfake videos, and synthetic personas, outsiders can convincingly impersonate trusted employees.

"Traditional defenses are designed to stop external actors and often operate on the assumption that access equates to trust. This leaves organizations blind to abnormal actions that fall within normal permissions, such as an employee accessing files they are authorized to view but do not typically need. These subtle shifts are easy to overlook, yet they can be the earliest indicators of risk.

"What makes the problem even more complex is that human behavior is contextual, emotional, and adaptive. Stress, disengagement, or pressure to meet deadlines can push employees to cut corners, use unauthorized tools, or take shortcuts that put data at risk. These actions don’t always stem from malicious intent. The danger lies in this subtlety.

"AI is not only reshaping the insider threat landscape, but it is also one of the most powerful tools available to defend against it. By continuously learning the 'patterns of life', AI can surface subtle deviations that humans and static controls would miss. However, insider detection with AI must be ethical, transparent, and proportional. Monitoring should focus on metadata and behavioral patterns rather than invasive inspection. When implemented responsibly, AI allows for identifying risks early while protecting the dignity and privacy of the workforce."  

Chad Cragle, CISO at Deepwatch

"Insider threats come in many forms. Some are accidental, like the 'oops, I clicked it' employee who mishandles data, unaware of the consequences. Others are intentional: the moonlighter using company resources for side work, the rule breaker who uses unapproved tools, or the person using a mouse jiggler to fake productivity. 

"Then there are the darker motives: the disgruntled staff member seeking revenge, the opportunist chasing quick profits, the sleeper agent embedded by outsiders waiting to strike, and the true malicious insider who intentionally betrays the organization out of greed, ideology, or a desire to cause harm.

"The danger of the insider threat begins with trust. A valid login acts as the ultimate skeleton key. An insider doesn’t need to bypass defenses; they are the defense. Their actions blend seamlessly with normal operations, camouflaged in plain sight, making detection extremely difficult. 

"By the time anomalies are detected, the damage is often already done. That’s what makes insider risk so dangerous: it doesn’t just bypass your defenses; it operates from within them or, as the insider sees it, already behind enemy lines.

"When it comes to detecting malicious or unintentional insiders, you don’t look for a single smoking gun — you look for the smoke. It might be unusual file transfers at odd hours, a contractor probing systems outside their scope, or small anomalies that, when repeated over time, form a concerning pattern. The challenge is finding the right balance: staying vigilant without turning the workplace into a surveillance state."
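Both Cunningham (learn each user's "pattern of life", inspect metadata rather than content, and surface authorized actions that are nonetheless unusual) and Cragle ("look for the smoke": off-hours transfers, a contractor outside their scope, small anomalies that add up over time) describe the same detection approach. The following is an added example, not code from the article or from any vendor quoted in it, that implements that approach over constructed file-access events. The users, paths, timestamps, point weights and threshold are all assumptions chosen for illustration; every access in the sample is permitted by the ACL, and the detector only asks whether it is normal for that user.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str
    path: str
    size: int


@dataclass
class Baseline:
    scopes: set      # top-level directories the user normally touches
    hours: set       # hours of day at which the user is normally active
    max_size: int    # largest object the user normally handles


def parse(ts, user, action, path, size):
    return Event(datetime.fromisoformat(ts), user, action, path, size)


# Constructed sample events (not real logs). Only metadata is recorded:
# who, when, which path, how many bytes. No file content is inspected.
RAW_EVENTS = [
    # baseline period: alice (finance), bob (contractor, engineering), carol (sales)
    ("2025-03-03T09:12:00", "alice", "read", "/finance/q1/ledger.xlsx", 120_000),
    ("2025-03-04T10:30:00", "alice", "read", "/finance/q1/forecast.xlsx", 80_000),
    ("2025-03-05T14:02:00", "alice", "read", "/finance/budget/2025.xlsx", 300_000),
    ("2025-03-06T16:45:00", "alice", "read", "/finance/q1/ledger.xlsx", 120_000),
    ("2025-03-03T10:00:00", "bob", "read", "/eng/service-a/main.go", 30_000),
    ("2025-03-04T11:15:00", "bob", "read", "/eng/service-a/vendor.tar", 2_000_000),
    ("2025-03-05T15:40:00", "bob", "read", "/eng/service-b/README.md", 5_000),
    ("2025-03-03T09:30:00", "carol", "read", "/sales/pipeline.xlsx", 60_000),
    ("2025-03-05T13:10:00", "carol", "read", "/sales/accounts.csv", 40_000),
    ("2025-03-06T17:20:00", "carol", "read", "/sales/pipeline.xlsx", 60_000),
    # evaluation period
    ("2025-03-11T10:05:00", "alice", "read", "/finance/q1/forecast.xlsx", 80_000),
    ("2025-03-12T23:40:00", "alice", "read", "/finance/q1/payroll.xlsx", 150_000),
    ("2025-03-12T23:45:00", "alice", "download", "/finance/q1/payroll.xlsx", 150_000),
    ("2025-03-13T02:10:00", "alice", "download", "/hr/salaries.csv", 2_000_000),
    ("2025-03-11T10:30:00", "bob", "read", "/eng/service-a/main.go", 30_000),
    ("2025-03-11T11:00:00", "bob", "read", "/eng/service-b/README.md", 5_000),
    ("2025-03-12T14:00:00", "bob", "read", "/finance/q1/ledger.xlsx", 120_000),
    ("2025-03-12T14:05:00", "bob", "read", "/hr/org-chart.pdf", 400_000),
    ("2025-03-12T14:20:00", "bob", "read", "/legal/contracts/acme.pdf", 800_000),
    ("2025-03-11T20:00:00", "carol", "read", "/sales/pipeline.xlsx", 60_000),
]
EVENTS = [parse(*e) for e in RAW_EVENTS]
BASELINE_END = datetime.fromisoformat("2025-03-10T00:00:00")   # assumed cutoff


def top_level(path):
    return path.strip("/").split("/")[0]


def build_baselines(events, cutoff):
    """Learn each user's pattern of life from events before the cutoff."""
    baselines = {}
    for e in events:
        if e.ts >= cutoff:
            continue
        b = baselines.setdefault(e.user, Baseline(set(), set(), 0))
        b.scopes.add(top_level(e.path))
        b.hours.add(e.ts.hour)
        b.max_size = max(b.max_size, e.size)
    return baselines


def score_event(e, b):
    """Points and reasons for one event against the user's own baseline.
    Weights are assumptions: a new scope and a volume spike count double."""
    points, reasons = 0, []
    if top_level(e.path) not in b.scopes:
        points += 2
        reasons.append(f"new scope /{top_level(e.path)}")
    if not (min(b.hours) - 1 <= e.ts.hour <= max(b.hours) + 1):
        points += 1
        reasons.append(f"off-hours ({e.ts.hour:02d}:00)")
    if e.size > 5 * b.max_size:
        points += 2
        reasons.append(f"volume {e.size} > 5x baseline max {b.max_size}")
    return points, reasons


def score_users(events, baselines, cutoff):
    """Accumulate points per user over the evaluation window, so repeated
    small deviations add up even when no single event is alarming.
    Users with no baseline (new accounts) are skipped here; in practice they
    need a separate rule, since there is no pattern of life to compare."""
    totals, findings = defaultdict(int), defaultdict(list)
    for e in sorted(events, key=lambda x: x.ts):
        if e.ts < cutoff or e.user not in baselines:
            continue
        pts, why = score_event(e, baselines[e.user])
        if pts:
            totals[e.user] += pts
            findings[e.user].append((e.ts.isoformat(), e.action, e.path, why))
    return dict(totals), dict(findings)


def flag_users(totals, threshold=4):
    return sorted(u for u, s in totals.items() if s >= threshold)


def run(events=EVENTS, cutoff=BASELINE_END, threshold=4):
    baselines = build_baselines(events, cutoff)
    totals, findings = score_users(events, baselines, cutoff)
    return totals, findings, flag_users(totals, threshold)


if __name__ == "__main__":
    totals, findings, flagged = run()
    for user in flagged:
        print(f"{user}: score {totals[user]}")
        for ts, action, path, why in findings[user]:
            print(f"  {ts} {action:8} {path}  <- {', '.join(why)}")
```

On the sample data, alice is flagged for a late-night run of payroll reads followed by a large download from an HR directory she has never touched, and bob, the contractor, is flagged purely for walking through three directories outside his engineering scope during normal hours. carol's single evening read earns one point and stays below the threshold, which is the proportionality point Cunningham makes: one deviation is not a case, a pattern is. In production the baseline would be rolling rather than fixed, the scoring would decay over time, and the path prefix would be replaced by whatever your DLP or SaaS audit log uses as a resource identifier.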

Matthieu Chan Tsin, Senior VP, Resiliency Services at Cowbell 

"Insider threats are serious because of:

  • Access to Sensitive Systems: Insiders have legitimate access to networks and data, meaning they don't need to bypass external security measures to cause harm.
  • Evasion of Traditional Defenses: Most cybersecurity focuses on external threats, leaving organizations vulnerable to attacks from within their own trusted ranks.
  • Knowledge of Internal Vulnerabilities: Insiders are familiar with organizational processes, data, and security weaknesses, which allows them to act more effectively and go undetected.

"To detect and monitor insider threats, companies must integrate a comprehensive strategy that combines technological tools, strong internal policies, and continuous employee monitoring. This approach addresses both malicious insiders and careless employees, who are responsible for nearly half of all incidents." 

Darren Guccione, CEO and Co-Founder at Keeper Security  

"Insider threats are one of the most challenging threats to protect against as an IT professional, and it takes a multi-layered approach to effectively mitigate these risks. Because some roles are more sensitive in nature, robust access controls are necessary. 

"Standard zero-trust approaches can be used to protect most information. Instead of relying on traditional perimeter-based security measures, zero trust assumes no implicit trust, so verification is required from anyone or anything trying to access resources. Essentially, zero trust removes the protected boundary or the 'safe' zone.

"Organizations large and small should implement a zero-trust architecture with least-privilege access to ensure employees only have access to what they need to do their jobs. This includes giving access to only what employees need to do their jobs, not granting access indefinitely, periodically checking who has access and monitoring activity."
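Guccione lists three checks that make least privilege real rather than aspirational: access limited to what the job needs, access that is not granted indefinitely, and periodic review of who still holds it. The following is an added example, not code from the article or from Keeper Security, of an access-review pass that applies those checks to a constructed grant inventory. The role-to-entitlement mapping, the grants, the dates and the 90-day dormancy window are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    resource: str
    granted_at: datetime
    expires_at: Optional[datetime]    # None = standing (indefinite) access
    last_used_at: Optional[datetime]  # None = never used since granted


def to_dt(s):
    return datetime.fromisoformat(s) if s else None


# Constructed (hypothetical) mapping of job role to the resources it needs.
ROLE_NEEDS = {
    "finance-analyst": {"finance"},
    "contractor-dev": {"eng"},
    "sales-rep": {"sales"},
}

# Constructed grant inventory, the kind of export an IdP or IGA tool produces.
GRANTS = [
    Grant("alice", "finance-analyst", "finance", to_dt("2024-01-10"), None, to_dt("2025-03-12")),
    Grant("alice", "finance-analyst", "hr", to_dt("2024-06-01"), to_dt("2024-06-30"), to_dt("2025-03-13")),
    Grant("bob", "contractor-dev", "eng", to_dt("2025-01-15"), to_dt("2025-04-15"), to_dt("2025-03-11")),
    Grant("bob", "contractor-dev", "finance", to_dt("2025-02-01"), to_dt("2025-05-01"), to_dt("2025-03-12")),
    Grant("carol", "sales-rep", "sales", to_dt("2024-03-01"), None, to_dt("2025-03-11")),
    Grant("carol", "sales-rep", "legal", to_dt("2024-03-01"), None, None),
]
NOW = datetime.fromisoformat("2025-03-14")   # assumed review date


def recommendation(reasons):
    """Anything outside the role, past expiry, or unused is a revoke candidate;
    a live, in-role grant that merely lacks an expiry gets one and a recertification."""
    if any(r.startswith(("outside", "expired", "never", "dormant")) for r in reasons):
        return "revoke"
    return "set expiry and re-certify"


def review(grants, now=NOW, role_needs=ROLE_NEEDS, dormant_after=timedelta(days=90)):
    """Return (user, resource, reasons, recommendation) for every grant that
    fails at least one of the three checks. Grants that pass all three are silent."""
    findings = []
    for g in grants:
        reasons = []
        # 1. only what the job needs
        if g.resource not in role_needs.get(g.role, set()):
            reasons.append(f"outside role entitlement for {g.role}")
        # 2. not granted indefinitely, and actually removed when time is up
        if g.expires_at is None:
            reasons.append("standing access (no expiry)")
        elif g.expires_at < now:
            reasons.append(f"expired {g.expires_at.date()} but not revoked")
        # 3. periodic check that the access is still in use
        if g.last_used_at is None:
            reasons.append("never used")
        elif now - g.last_used_at > dormant_after:
            reasons.append(f"dormant since {g.last_used_at.date()}")
        if reasons:
            findings.append((g.user, g.resource, reasons, recommendation(reasons)))
    return findings


if __name__ == "__main__":
    for user, resource, reasons, action in review(GRANTS):
        print(f"{action:26} {user}/{resource}: {'; '.join(reasons)}")
```

Note the second alice grant: its expiry passed nine months ago, yet it was used yesterday. An expiry date that is recorded but not enforced is standing access with extra paperwork, which is why the review compares `expires_at` against the clock instead of trusting the field alone. Run against a real inventory, the revoke list is the input to a change ticket, and the "set expiry" list is the input to the next certification cycle.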

Jason Soroko, Senior Fellow at Sectigo

"Cybersecurity professionals define insider threats as risks originating from individuals within an organization who have authorized access to systems and data, but misuse that access, either maliciously or unintentionally. This definition encompasses employees, contractors, or partners who, due to complex environments, hybrid work models, or the adoption of advanced tools like GenAI, might exploit vulnerabilities. 

"Examples include an employee stealing sensitive data for personal gain, inadvertently leaking confidential information through phishing scams, or neglecting security protocols that lead to security breaches.

"The rising cost of recovery after an insider attack is driven by the complexity of IT environments, the adoption of new technologies like IoT and AI, and inadequate security measures such as systems using weak authentication. These factors make detecting and mitigating insider threats more challenging, leading to more severe and costly breaches."
