Rising Risk of Insider Threats: The Human Factor in Cybersecurity

Insider threats represent one of the most complex security challenges for organisations today. Cyber incidents are often thought of only as attacks by external parties, which typically grab headlines. However, it is now well known that insider threats - stemming from individuals within an organisation, including employees, contractors, or business partners - are growing, are harder to detect, and can be just as damaging as external attacks.

Threats from insiders can still lead to significant consequences such as data breaches, financial losses, legal repercussions, and long-term reputational damage, potentially undermining customer trust, disrupting business operations, and requiring costly recovery efforts. Insider threats are often harder to detect because more inherent trust is given to insiders.1

Global cybersecurity company Fortinet’s report on security operations (SecOps) across Asia-Pacific highlights the growing concern of insider threats, particularly in Singapore, with 82% of respondents attributing this rise to remote work environments2. Alongside traditional threats like phishing and ransomware, insider incidents are becoming more frequent, driven by factors such as insufficient training, lack of employee care, and poor communication. This underscores the urgent need for organisations to address human factors and strengthen their cybersecurity practices.

Understanding that human behaviour is key in preventing and mitigating insider threats is crucial, as these threats can result from malicious intent, negligence, or lack of awareness, leading to data breaches, financial losses, and reputational damage. 

Common Insider Threat Scenarios

Insider threats can manifest in various forms and are often difficult to detect, as they exploit trusted access. Understanding the common scenarios in which these threats occur is crucial for developing effective security measures and prevention strategies. Below, we explore some of the most prevalent insider threat scenarios.

Negligence

Negligence, responsible for 55% of insider threats3, often results from human errors such as misconfigurations, accidental data sharing, or breaches of security protocols. These mistakes can expose critical data, weaken security, and even enable cyberattacks like credential stuffing. While negligent insiders lack malicious intent, their actions—such as falling for phishing attacks, bypassing security controls, or losing sensitive devices—can create significant vulnerabilities and compromise confidential information.

The largest IT outage in history, which happened in July 2024 and left millions of Windows systems failing around the world, is an example of the devastating consequences that can be triggered by just a botched software update. Insurers estimate the outage will cost U.S. Fortune 500 companies $5.4 billion.4

Malicious intent

Malicious intent accounts for 25% of insider threat incidents5, involving employees or authorised individuals who misuse access for harmful, unethical, or illegal activities—often disgruntled current or former employees exploiting their knowledge of organisational systems. Their actions can include stealing or leaking sensitive data, such as customer information or intellectual property, sabotaging operations by introducing malware, tampering with files, or destroying software and hardware. In some cases, insiders may collaborate with external actors, such as hackers or competitors, or even be coerced to work with them, leading to potentially greater damage. 

These activities are often hard to detect but can lead to substantial financial losses and reputational harm to the organisation. For example, a former employee of NCS, a multinational IT company, caused an estimated S$918,000 in damages after accessing and deleting 180 virtual servers following his termination.6

Credential theft

Making up 20% of insider threats5, credential theft occurs when external attackers use tactics like social engineering, brute force attacks, or credential stuffing to obtain legitimate user credentials. Once in possession of valid credentials, attackers can infiltrate an organisation’s network and cause significant harm, often without being detected for a long period.  

For instance, in April 2021, the Turkey-linked group COSMIC WOLF used stolen login details to access a cloud provider’s system, changing security settings to allow direct access from their own servers.7 This underscores the notion that hackers often do not break in, but log in instead (using stolen credentials of unwary or collaborating users).

Mitigation Strategies to Combat Insider Threats

To safeguard effectively against insider threats, a comprehensive approach that includes proactive measures, employee awareness, and technology is essential. By focusing on prevention and early detection, organisations can reduce their vulnerability and mitigate the potential damage caused by internal risks. Here are some key strategies to help protect against insider threats:

Strengthening Security Culture and Access Controls

Strengthening security culture is vital to safeguarding organisational data, and this begins with the implementation of robust access controls to mitigate insider threats. By restricting data access based on job roles, organisations ensure employees only access the information necessary for their tasks, reducing the risk of data misuse. Regular audits and effective privilege management further bolster this by ensuring access rights are continuously reviewed and adjusted as needed. 

Additionally, monitoring access patterns and setting up alerts for suspicious activity—such as access to sensitive data outside normal working hours—allows administrators to respond quickly to potential breaches. This proactive approach not only protects sensitive information but also fosters a culture of security where all employees are accountable for data protection, ensuring the organisation remains resilient against internal and external threats.

Employee Awareness and Behavioural Analytics 

Employee awareness and education are crucial in mitigating insider threats. Regular training should focus on password security, phishing prevention, and secure data handling, fostering a culture of cybersecurity awareness. This can reduce both accidental and intentional insider threats, ensuring employees understand data protection policies and the consequences of violations. 

In addition, leveraging behavioural analytics can significantly enhance threat detection.8 By monitoring normal employee behaviour, organisations can identify anomalies such as unusual access to data or abnormal download patterns. Early detection through these tools can help prevent potential damage by flagging suspicious activities before they escalate.
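The off-hours access alert and the baseline-deviation check described in the two sections above can be sketched as follows. This is an added example, not part of the original article; the event fields, sample events, working hours and the 10x volume threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: (user, ISO timestamp, resource, sensitive?, bytes downloaded)
EVENTS = [
    ("alice", "2025-03-03T10:15:00", "hr/payroll.xlsx", True, 2_000_000),
    ("alice", "2025-03-04T11:02:00", "hr/payroll.xlsx", True, 2_500_000),
    ("alice", "2025-03-05T14:40:00", "wiki/onboarding", False, 300_000),
    ("alice", "2025-03-06T09:30:00", "hr/payroll.xlsx", True, 2_200_000),
    ("bob",   "2025-03-03T09:05:00", "crm/customers.db", True, 5_000_000),
    ("bob",   "2025-03-04T16:20:00", "crm/customers.db", True, 4_000_000),
    ("bob",   "2025-03-05T10:10:00", "crm/customers.db", True, 6_000_000),
    ("bob",   "2025-03-06T23:47:00", "crm/customers.db", True, 480_000_000),
    ("carol", "2025-03-08T13:00:00", "wiki/onboarding", False, 100_000),  # Saturday, not sensitive
]

WORK_START, WORK_END = 8, 19   # assumed working hours, local time
VOLUME_FACTOR = 10             # assumed: alert when a day exceeds 10x the user's median day
MIN_BASELINE_DAYS = 3          # do not judge users without enough history

def off_hours_sensitive(events):
    """Sensitive-resource accesses on weekends or outside working hours."""
    alerts = []
    for user, ts, resource, sensitive, _ in events:
        t = datetime.fromisoformat(ts)
        outside = t.weekday() >= 5 or not (WORK_START <= t.hour < WORK_END)
        if sensitive and outside:
            alerts.append((user, ts, resource))
    return alerts

def download_anomalies(events):
    """Days where a user's download volume far exceeds their own earlier baseline."""
    daily = defaultdict(lambda: defaultdict(int))
    for user, ts, _, _, size in events:
        daily[user][ts[:10]] += size
    alerts = []
    for user, days in daily.items():
        ordered = sorted(days.items())
        for i, (day, total) in enumerate(ordered):
            history = [v for _, v in ordered[:i]]   # only days before this one
            if len(history) >= MIN_BASELINE_DAYS and total > VOLUME_FACTOR * median(history):
                alerts.append((user, day, total))
    return alerts

if __name__ == "__main__":
    print(off_hours_sensitive(EVENTS))
    print(download_anomalies(EVENTS))
```

Comparing each user against their own history, rather than a global limit, keeps a heavy but routine downloader from drowning out the one account whose behaviour actually changed.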

Covering Losses from Legal and Financial Repercussions 

Insider threats can lead to severe legal and financial consequences for both individuals and organisations, including breach of contract, data privacy violations, criminal charges, and potential lawsuits. Individuals involved in data leaks could face dismissal or prosecution, while organisations may be liable for fines and litigation. Cyber insurance plays a critical role in mitigating these risks, helping organisations recover financially from breaches - even if they originate from insiders - by covering both direct losses and operational disruptions, ensuring businesses can manage financial and reputational fallout. 

Separately, the 2020 Razer data breach, caused by their vendor Capgemini’s oversight, also underscores the need for robust third-party risk management and insurance. The mishandled IT issue exposed the personal data of over 100,000 customers, resulting in a $6.85 million loss and the rejection of Razer's digital bank license application.9 Beyond cyber insurance, the case emphasises the importance of Professional Indemnity Insurance when working with third-party vendors, safeguarding organisations from legal and financial liabilities due to vendor errors. 

Harnessing Analytics, Intelligence, and Response to Tackle Insider Threats

Insider threats can be difficult to detect and mitigate in real time. Leveraging behavioural analytics and threat intelligence, AI-powered systems can track user behaviour to identify anomalies that may signal malicious activity, while advanced algorithms can analyse vast amounts of threat intelligence to proactively detect emerging risks.

Equally critical is having a robust incident response plan in place that includes an insider threat playbook, ensuring rapid identification, containment, and investigation of threats. Regular drills and updates to the plan ensure that teams are always prepared, minimising potential damage and ensuring that evidence is preserved for legal action if needed. By combining advanced technology with clear procedures, organisations can more effectively manage and mitigate insider threats.

1 CrowdStrike, 2024 Global Threat Report
2 IT Brief Asia, Fortinet report reveals cyber threats & defence gaps in Asia Pacific
3 SecurityMagazine.com, 55% of insider threats come from a negligent or mistaken insider
4 TechTarget.com, CrowdStrike outage explained: What caused it and what’s next
5 StationX.net, Insider Threat Statistics: (2025’s Most Shocking Trends)
6 Eteknix.com, Fired Employee Causes Massive Damage by Deleting Test Servers
7 Crowdstrike.com, Common Cloud Threats: Credential Theft
8 SecurityIntelligence.com, Detecting insider threats: Leverage user behavior analytics
9 CNA, IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak

Howden brokers
