Insider threat

We offer expert advice that delivers understanding of the behaviours, motivations, and characteristics of insider threat, and the catalysts that may trigger an insider attack.

Most organisations routinely take steps to protect their assets from external threats but a large proportion of attacks on technology, property or resources come from the inside, not the outside. Using our extensive knowledge of the commercial and defence arenas, we provide expert advice that delivers a holistic understanding of the behaviours, motivations, and characteristics of the insider threat, and the catalysts that may trigger an insider attack.

Protecting your business from the inside

Insider attacks can have devastating effects – a trusted employee or contact may have access to information and areas that enable them to commit acts that cause huge amounts of damage. In the financial services sector the average loss of insider attack in the US is reported as $750,000 (£500,000) per attack, with the real cost often being much higher. In the security and defence arena, an insider attack can obtain restricted knowledge, inflict serious injury to personnel or even prove fatal.

Understanding why an attack might happen is just as important as understanding how it might happen. Our psychology and human factors specialists use validated, psycho-behavioural methods to enrich your organisation's understanding of insider threat risks, and to provide you with clear, concise and actionable recommendations for the creation of a safer, security-aware, human-focused environment.

Our comprehensive three-step approach to the challenges posed by insider threats includes:

  • An insider threat audit, which identifies risk areas and defines the relationship between the complex insider threat influences, then produces a prioritised risk assessment and recommends mitigation strategies
  • An insider threat management plan, covering all relevant functional areas, with the necessary policies, procedures, guidelines and controls to help you manage your priority risks
  • An insider threat change delivery programme, which implements the actions needed to mitigate insider threat across your organisation – from software engineering and supply chain management, to organisational culture and resilience.