Top 10 considerations for building an insider threat mitigation program


Organizations continue to face a variety of insider threats, as demonstrated by a string of high profile cases in which employees seeking validation or affirmation used their knowledge of, and access to, physical and/or information systems to cause significant damage. These cases expose the weaknesses of a historical perception that insider threat mitigation is predominantly a cyber-security challenge, and therefore strictly an information technology responsibility.

Key considerations

  1. Define your insider threats: Don’t be surprised if your organization hasn’t defined what an insider threat is. Agree on who counts as an insider (employees, contractors and partners with physical or logical access) and on which harms count, whether theft of IP, sabotage, fraud or unauthorized disclosure, before designing controls.
  2. Define your risk appetite: Define the critical assets (e.g., facilities, source code, IP and R&D, customer information) that must be protected and the organization’s tolerance for loss or damage in those areas.
  3. Leverage a broad set of stakeholders: The program should have one owner but a broad set of invested stakeholders.
  4. Technology, alone, won’t solve the problem: The insider threat challenge is not a purely technical one, but rather a people-centric problem that requires a holistic solution spanning people, process and technology.
  5. Trust but verify: Establish routine and random auditing of privileged functions. Sampling privileged activity, rather than trusting that it was legitimate, is a widely used method of identifying insider threats across industries.
  6. Look for precursors: Case studies analyzed by the CERT program at Carnegie Mellon University’s Software Engineering Institute have shown that insider threats are seldom impulsive acts; they are usually preceded by observable behavioral and technical precursors.
  7. Connect the dots: By correlating precursors or potential risk indicators captured from both technical sources (access logs, data transfers, privileged actions) and non-technical sources (HR records, physical security, manager reports), your organization can gain insights into micro and macro trends in the high risk behaviors exhibited across the organization.
  8. Stay a step ahead: Insiders’ methods, tactics, and attempts to cover their tracks will constantly evolve, which means that the insider threat program and the precursors that it analyzes should continuously evolve as well.
  9. Set behavioral expectations: Define the behavioral expectations of your workforce through clear and consistently enforced policies.
  10. One size does not fit all: Customize training based on the physical and network access levels, privilege rights and job responsibilities.
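Items 5 and 7 above describe a technique that is easier to see in code: flag individual precursors in each source (HR events, badge logs, file-server activity, privileged-action audit records) and then correlate them per person within a time window, so that indicators which are harmless alone add up when they occur together. The following Python script is an added example, not code from the original page or from Deloitte. The users, timestamps, log layouts, indicator weights, the 30-day correlation window, the 1 GB bulk-download threshold and the after-hours definition are all assumptions; tune them to your own risk appetite.

```python
"""Correlate insider-threat precursors across several sources (added example).

Every source below is a constructed, in-memory sample. In practice these
records would come from HR systems, badge readers, file-server audit logs
and privileged-access logs. All names, timestamps and thresholds are
assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample inputs (not real data) -----------------------------
HR_EVENTS = [
    # (user, timestamp, event)
    ("jdoe", "2024-03-01T09:00:00", "resignation_notice"),
    ("asmith", "2024-02-20T10:30:00", "performance_warning"),
]
BADGE_LOGS = [
    # (user, timestamp, door)
    ("jdoe", "2024-03-05T23:40:00", "datacenter"),
    ("jdoe", "2024-03-07T02:15:00", "datacenter"),
    ("bwong", "2024-03-06T14:10:00", "datacenter"),
]
FILE_LOGS = [
    # (user, timestamp, bytes_downloaded, path)
    ("jdoe", "2024-03-06T00:10:00", 8_000_000_000, "/srv/ip/source"),
    ("bwong", "2024-03-06T14:30:00", 50_000_000, "/srv/shared/docs"),
    ("asmith", "2024-02-25T11:00:00", 120_000_000, "/srv/hr/reports"),
]
PRIV_LOGS = [
    # (actor, timestamp, action, target)
    ("jdoe", "2024-03-06T23:55:00", "grant_admin", "jdoe"),
    ("cadmin", "2024-03-02T09:00:00", "grant_admin", "newhire"),
]

# Indicator weights and thresholds: assumed values, not from the page.
WEIGHTS = {
    "hr_flag": 3,              # resignation notice or disciplinary action
    "after_hours_badge": 2,    # physical access between 22:00 and 06:00
    "bulk_download": 4,        # >= 1 GB pulled from a file server in one session
    "self_privilege_grant": 5, # an actor granting admin rights to themselves
}
CORRELATION_WINDOW = timedelta(days=30)
BULK_BYTES = 1_000_000_000


def _ts(s):
    return datetime.fromisoformat(s)


def _after_hours(t):
    return t.hour >= 22 or t.hour < 6


def extract_indicators():
    """Return {user: [(timestamp, indicator_name), ...]} across all sources."""
    ind = defaultdict(list)
    for user, ts, event in HR_EVENTS:
        if event in ("resignation_notice", "performance_warning"):
            ind[user].append((_ts(ts), "hr_flag"))
    for user, ts, _door in BADGE_LOGS:
        if _after_hours(_ts(ts)):
            ind[user].append((_ts(ts), "after_hours_badge"))
    for user, ts, nbytes, _path in FILE_LOGS:
        if nbytes >= BULK_BYTES:
            ind[user].append((_ts(ts), "bulk_download"))
    for actor, ts, action, target in PRIV_LOGS:
        # "Trust but verify": a privilege grant is only a precursor when the
        # actor is also the beneficiary; routine grants by admins are not.
        if action == "grant_admin" and actor == target:
            ind[actor].append((_ts(ts), "self_privilege_grant"))
    return ind


def score_users(indicators, window=CORRELATION_WINDOW):
    """Score each user on the distinct indicator types that fall within
    `window` of one another. An isolated indicator scores only its own
    weight; indicators that cluster in time are summed ("connect the dots")."""
    scores = {}
    for user, events in indicators.items():
        events.sort()
        best, best_types = 0, set()
        for i, (t0, _) in enumerate(events):
            types = {name for t, name in events[i:] if t - t0 <= window}
            total = sum(WEIGHTS[n] for n in types)
            if total > best:
                best, best_types = total, types
        scores[user] = (best, sorted(best_types))
    return scores


def ranked_users(threshold=8):
    """Users whose correlated score meets `threshold`, highest score first."""
    scores = score_users(extract_indicators())
    ranked = sorted(scores.items(), key=lambda kv: -kv[1][0])
    return [(u, s, t) for u, (s, t) in ranked if s >= threshold]


if __name__ == "__main__":
    for user, score, types in ranked_users():
        print(f"{user}: score={score} indicators={types}")
```

With the sample data, only one user clears the review threshold: the resignation notice, two after-hours data-center entries, an 8 GB pull from the IP share and a self-granted admin right all fall inside the same 30-day window and sum to 14, while a lone performance warning scores 3 and is not escalated. The scoring is deliberately per distinct indicator type rather than per event, so a single noisy source (for example many badge swipes) cannot dominate the score on its own.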

