WORKFORCE CYBER
INTELLIGENCE AND SECURITY

BLOG

A Human-centric Approach to Operational Awareness and Risk Management.

The Difference Between Insider Risk and Insider Threats

Every square is a rectangle, but not every rectangle is a square.

You may be wondering why we’re starting this blog post off with a third-grade math fact, but when it comes to understanding your insider risk landscape, this can be a helpful reminder. Just like this basic tenet of geometry: every insider threat is an insider risk, but not every insider risk is a threat.

As we enter Insider Threat Awareness Month, the takeaway is that 100% of your company’s employees introduce risk to the organization. From the C-suite to the custodial staff—even you, the reader, are a potential risk.

The difference between an insider risk and an insider threat is relatively straightforward: an insider risk is anyone who has access to sensitive data. Insider risks do not necessarily have malicious intent—it can be a conscientious employee who makes a simple mistake exposing sensitive data. Maybe they send an email to the wrong person, leave a laptop at the coffee shop by mistake, or share a screenshot that includes data or information they don’t even realize is there.

Or, more likely, they’re sending something to their private email or storage for legitimate work purposes or clicking on suspicious links. The list of ways for well-meaning employees to introduce risk without even realizing it is long, and it’s getting longer by the day as threat actors continue to target employees with new tactics and techniques. But for most employees, risk does not mean that they are a threat.

Insider threats are far less prevalent but far more insidious than insider risks: they are the employees, vendors, or partners who plan and execute actions to steal or release data or sabotage corporate systems. These employees are usually motivated by financial profit or are simply looking to take your data with them to their next job. There is an additional insider threat group that we’ve identified, known as the Super Malicious Insider, which has not only malicious intentions but also the technical know-how to accomplish them. We’ll get into this in more detail in another blog post about the types of insider threats to look out for, but the important thing to remember is that insider threats are only a small subset of your overall insider risk profile.

When companies think about the risk posed by insider threats, too often they take a myopic approach focused on identifying insider threats. But it’s important to take a broader look—because if you don’t understand the risk, you won’t be able to identify the threats.

If you’re interested in more information on insider risks and insider threats, you can download the 2022 Insider Risk Report here or contact our experts today to learn more about insider risk management and how DTEX can help secure your workforce.