Mitigating the risks of the insider threat

London, UK

With insider threats on the increase, G4S Academy International Director Noah Price explains the risks and threats employees can pose to an organisation and how to prevent them.

If asked to describe a physical security breach that can impact a company, most people would think of an external criminal intent on harming an organisation. But what if the attack comes from within? Perpetrated by someone you should be able to trust? Insider threats are a serious security risk that every business must prepare for. Failing to do so could be reputationally or financially damaging. According to G4S’s first-ever World Security Report, internal threats are expected to increase next year, with 92% anticipating their company will be targeted.

What is an insider threat?

An insider threat is carried out by someone who exploits their ‘authorised’ access for ‘unauthorised’ purposes. The employee, subcontractor or someone permitted to work within an organisation can get their hands on confidential or sensitive information, data or communications. They may then hold the organisation to ransom for the return of what they have stolen, they may leak the information into the public domain, or they may choose to sell the stolen material to a third party or hostile state.

Types of insiders

Threat actors behind an insider threat are usually classified as a ‘knowing insider’ or an ‘unknowing insider’. A knowing insider is someone who deliberately uses their access to cause harm. They are often motivated by financial gain. Sometimes they steal company data to gain a competitive edge for a new venture, or they may be disgruntled. Usually, they are a lone wolf who acts on their own without any other influences.

An unknowing insider is someone who may not fully understand what they are doing, or becomes an insider threat by mistake. Unknowing insiders can also be unaware that they are being taken advantage of by others. They might download malware, give information to scammers or click on a link in a phishing email.

Insider threats data

Concerningly, internal threats are increasing. 89% of CSOs say their company experienced some form of internal threat in the last 12 months according to the G4S World Security Report; this is expected to increase to 92% in the year ahead.

“Misuse of company resources or data” is the most common internal threat, with 35% having experienced this, followed closely by “leaking of sensitive information” at 34%. This threat is expected to become the biggest internal threat in the next 12 months.

“Misuse of company resources or data” has the strongest correlation with “implementing more effective security.” This was the internal incident most likely to drive companies to improve their security in the last year.

“Unauthorised access to company resources or data,” “industrial espionage” and “intellectual property theft” are all expected to increase in the next year. Perceived financial gains may entice a company employee to share confidential information in exchange for payment.

In the headlines

Insider threats make headlines; news outlets regularly report on high-profile or unusual incidents, which can damage a brand’s reputation in the media and with customers and stakeholders. Noah Price cites the following examples that have appeared in the news headlines quite recently.

  • In October 2023, a man was seen urinating into a vat at a Tsingtao beer factory. Tsingtao’s stock price slumped 7.5% on the Shanghai Stock Exchange over the course of a week.
  • The British Museum announced in August 2023 that up to 2,000 objects from its storerooms were missing, stolen or damaged. An employee was dismissed and the police are investigating.
  • A European news site reported in March 2024 that sensitive files of top law enforcement officials at Europol had gone missing, sparking a crisis. Politico reported that “a clutch of highly sensitive files containing the personal information of top law enforcement executives went missing last summer. They were supposed to be under lock and key, in a secure storage room deep inside Europol's headquarters in The Hague.” An employee was also dismissed on this occasion.


"Fostering a culture that combines security awareness alongside up-to-date equipment and technology is," says Noah Price, "the best preventative measure. Employees should be regularly trained to identify phishing attempts and suspicious behaviour, as well as reminded of data security protocols. They should also only have the access they need to certain documents and areas of a building."

He also recommends that companies look at implementing strong access controls to help restrict digital and physical theft or leakage. "Ideally, access controls should be enhanced with surveillance technology. When employees know the cameras are on them, it’s harder to do anything deceitful. Cameras can also help with the issue of people using each other's access cards. The CCTV footage will show who actually entered any specific area, and exactly what they did there."

"CCTV will never be enough by itself, but should be part of a full security system and monitored by a well-trained team," he concludes.

