Meet Ai3, the DTEX Risk Assistant. Fast-track effective insider risk management with guided investigations.



A Human-centric Approach to Operational Awareness and Risk Management.

Insider Risk Insights - DTEX Blog
  • Home
  • Press
  • DTEX Systems Releases Groundbreaking 2022 Insider Risk Report

DTEX Systems Releases Groundbreaking 2022 Insider Risk Report

Investigation-driven Findings Identify Major Spikes in Industrial Espionage Incidents, the Rise of the Super Malicious Insider Persona & Spotlight Escalated Risk Among Remote Workers

SAN JOSE, Calif. – February 8, 2022 – DTEX Systems, the Workforce Cyber Intelligence & Security CompanyTM, today announced the release of its 2022 Insider Risk Report. The report, based on real investigations and data collected by the DTEX Insider Intelligence and Investigations (i3) team throughout 2021, identifies a significant increase in industrial espionage incidents and the rise of the ‘Super Malicious Insider’ persona, and provides evidence that the abrupt shift to remote work has directly contributed to an escalation in psychosocial human behaviors that create organizational risk.

Key findings of the DTEX Systems 2022 Insider Risk Report include:

  • The ‘Super Malicious Insider’ accounted for 32% of malicious insider incidents investigated by DTEX i3 in 2021;
  • 72% year-over-year increase in actionable insider threat incidents;
  • 42% of actionable incidents were related to IP and data theft, including industrial espionage incidents related to the theft of trade secrets, source code, and active collusion with a foreign nexus;
  • 75% of insider threat criminal prosecutions were the result of remote workers;
  • 56% of organizations had an insider data theft incident resulting from employees leaving or joining companies;
  • +200% year-over-year increase in data loss associated with users taking screenshots during confidential Zoom and Microsoft Teams meetings; and
  • +300% year-over-year increase in employees utilizing corporate assets for non-work activities.

For more than a decade, insider threats have been categorized as either malicious, negligent or compromised.  Based on the findings of the DTEX i3 team, a fourth persona has emerged—the Super Malicious Insider. The Super Malicious Insider is a technically proficient employee who is acutely aware of an organization’s cyber security architecture, solutions, and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators. Investigations performed by the DTEX i3 team found a dramatic increase (32%) in the use of sophisticated insider techniques across the insider incidents they studied, including a 43% increase in the usage of burner email accounts, a noticeable increase in the use of OSINT practices to conceal identity, and the active avoidance (96%) of techniques known in the MITRE ATT&CK framework.

“If any company thinks they don’t have an insider risk problem, they aren’t looking,” said Rajan Koo, Chief Customer Officer and DTEX i3 Lead with DTEX Systems. “The addition of the super malicious persona in this year’s report provides a wake-up call that traditional cyber security tools, such as DLP, UBA, and UAM, are actively being avoided or circumvented by those with sufficient technical skill and malicious intent.”

The findings and insights detailed within this report are drawn from thousands of incidents and hundreds of insider risk assessments conducted alongside DTEX customers and prospective customers around the world, spanning a wide variety of countries, industries, and organizational sizes.

“While the increase in the amount and impact of insider risk occurred across industries, we found that it is most concentrated in technology and critical infrastructure at 33% and 24%, respectively,” said Armaan Mahbod, Director of Security and Business Intelligence, Counter-Insider Threat at DTEX. “The risk to critical infrastructure entities in the Five Eyes nations is especially significant as any compromise can be damaging to the national security of these countries and the safety and well-being of its citizens.”

To download the full 2022 Insider Risk Intelligence & Investigations Report, please visit:

About DTEX Systems
DTEX Systems helps hundreds of organizations worldwide better understand their workforce, protect their data, and make human-centric operational investments. Its Workforce Cyber Intelligence & Security platform brings together next-generation DLP, UEBA, digital forensics, user activity monitoring and insider threat management in one scalable, cloud-native platform. Through its patented and privacy-compliant meta-data collection and analytics engine, the DTEX platform surfaces abnormal behavioral “indicators of intent” to mitigate risk of data and IP loss, enabling SOC enrichment with human sensors and empowering enterprises to make smarter business decisions quickly. To learn more about DTEX Systems, please visit

Media Contact
Nicole Rosenberg
fama PR for DTEX Systems
(617) 986-5041
[email protected]