Cybersecurity Reference > Glossary
An Insider Threat is a case in which there is either measurable risk or actual evidence that someone with legitimate access to an information system will use or has used their access for illicit and harmful purposes.
Such illicit and harmful activity may occur under durress, in retaliation for workplace events or conditions, as the result of blackmail or bribery, to engage in corporate espionage, or for other similar reasons.
Insider threats are particularly worrying because they are very difficult for organizations to prevent; the user in question generally has and must have such access as a part of their regular duties. In some cases, insider threats result when a malicious actor uses a colleague's credentials or privileges to engage in illicit activity.
Some also consider damaging activity that is unintentional or non-malicious, such as accidental data loss or inadvertent credential sharing, to be a form of insider threat.