Insider Threat

Exposure overview

Insider Threat refers to the risk posed by individuals within an organisation who have access to sensitive information, systems or networks and may misuse that access to harm the organisation.

Unintentional actions by employees, such as falling for phishing attacks, misconfiguring systems or mishandling data, can also lead to security or privacy breaches.

There has been a significant increase in the number of organisations reporting insider threat attacks, and such attacks are becoming harder to detect because of technological change and hybrid work environments.

"We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."
Dr. Larry Ponemon - The Ponemon Institute

The Law

If the Cyber Crime event also caused a breach of personal information, the Privacy Act may be applicable.

There have been incidents of criminals attempting to recruit company employees to install ransomware on the company’s network. For example, in 2020 a Russian national attempted to coerce a Tesla employee to deploy ransomware. On 25th November 2024, the Federal Government passed the Cyber Security Act 2024 (“Cyber Security Act”), which requires organisations to report ransomware payments to the Department of Home Affairs and the Australian Signals Directorate. Ransomware reports are to be made within 72 hours of payment, and a failure to comply will result in a civil penalty of 60 penalty units (A$93,900).

Scale of the problem

Insider threats are a growing concern for, and have a growing impact on, Australian organisations:

  • 47% of organisations reported experiencing at least one insider threat attack in the last year;
  • 34% of organisations reported a data breach due to insider threats.*

*Australian Government Annual Cyber Threat Report 2023 - 2024
Exposure Mitigation

To mitigate the risk of insider threat scenarios, organisations should consider implementing the following in conjunction with their wider security programme and the advice received from their IT security adviser:

  • Identify Risky Users: Regularly assess and identify users who may pose a higher risk, such as those with access to sensitive data or those exhibiting unusual behaviour;
  • Monitor User Activity: Use tools to monitor and analyse user behaviour for unusual or unauthorised activities;
  • Access Revocation: When staff leave an organisation, immediately revoke their access to all systems, including e-mail, remote access and company devices;
  • Employee training: Implement phishing-awareness training so that staff can recognise and report malicious phishing attempts;
  • Promote good communication: Ensure that policies and procedures are well communicated and well understood by all employees.
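Two of the mitigations above, "Monitor User Activity" and "Access Revocation", can be turned into routine checks over an organisation's own audit logs. The script below is an added illustration and is not part of the original page or any product it describes: it cross-references a constructed HR offboarding list against constructed authentication log lines to flag (a) any activity by an account whose owner has already left, which means access was not revoked in time, and (b) bulk data exports outside business hours. The usernames, IP addresses, log format, business-hours window and the 500-record threshold are all assumptions made for the example; a real deployment would read the offboarding list from the HR system and the events from the identity provider or SIEM.

```python
"""Offboarding gap and after-hours bulk-export checks over constructed audit data.

Illustrative only: every username, IP address, log line and threshold here is
constructed for the example and does not come from any real system.
"""
from dataclasses import dataclass
from datetime import date, datetime, time
from typing import Dict, List

# Constructed HR offboarding list: username -> last day of employment (ISO date).
DEPARTED_STAFF: Dict[str, str] = {"jsmith": "2024-11-20"}

# Constructed audit log. CSV columns: timestamp,user,source_ip,action,records_touched
SAMPLE_AUTH_LOG = """\
2024-11-19T09:14:00,jsmith,10.0.1.22,login,0
2024-11-22T22:41:00,jsmith,203.0.113.7,login,0
2024-11-22T22:45:00,jsmith,203.0.113.7,export,1200
2024-11-21T10:05:00,alee,10.0.1.31,export,40
2024-11-23T02:10:00,alee,10.0.1.31,export,900
2024-11-21T15:30:00,mchen,10.0.1.40,login,0
"""


@dataclass
class Event:
    when: datetime
    user: str
    source_ip: str
    action: str
    records: int


def parse_log(text: str) -> List[Event]:
    """Parse CSV audit lines. Malformed lines are skipped so one bad
    record cannot stop the whole check from running."""
    events: List[Event] = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, user, ip, action, records = parts
        try:
            events.append(Event(datetime.fromisoformat(ts), user, ip, action, int(records)))
        except ValueError:
            continue
    return events


def find_revocation_gaps(events: List[Event], departed: Dict[str, str]) -> List[Event]:
    """Events by a departed user dated after their last day of employment.
    Any hit means the account was still usable after it should have been revoked."""
    gaps: List[Event] = []
    for ev in events:
        last_day = departed.get(ev.user)
        if last_day is not None and ev.when.date() > date.fromisoformat(last_day):
            gaps.append(ev)
    return gaps


def find_after_hours_bulk_access(events: List[Event], start: time = time(8, 0),
                                 end: time = time(18, 0), threshold: int = 500) -> List[Event]:
    """Exports touching more than `threshold` records outside the [start, end)
    business-hours window. Both the window and the threshold are assumptions."""
    return [ev for ev in events
            if ev.action == "export" and ev.records > threshold
            and not (start <= ev.when.time() < end)]


def run_checks(log_text: str = SAMPLE_AUTH_LOG,
               departed: Dict[str, str] = DEPARTED_STAFF) -> Dict[str, List[Event]]:
    """Run both checks and return the findings keyed by check name."""
    events = parse_log(log_text)
    return {
        "revocation_gaps": find_revocation_gaps(events, departed),
        "after_hours_bulk": find_after_hours_bulk_access(events),
    }


if __name__ == "__main__":
    for name, hits in run_checks().items():
        print(name)
        for ev in hits:
            print(f"  {ev.when.isoformat()} {ev.user:8} {ev.source_ip:14} "
                  f"{ev.action} records={ev.records}")
```

On the constructed sample the revocation check flags both post-departure events by jsmith (a login and a 1,200-record export from an external address), and the after-hours check flags that export plus alee's 900-record export at 02:10. The departure-date comparison is deliberately strict (activity on the last day itself is allowed), so an organisation that revokes access at end of day on the last day produces no false positives; the review of flagged events, rather than the script, decides whether a hit is a process failure or legitimate hand-over work.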

Insurance Solution

Independent acts by employees that are reckless, fraudulent, dishonest, malicious or criminal are covered under the policy. Please note that coverage does not extend to such acts by directors and senior officers of the Insured.