Insider threats are mainly studied from two different perspectives in academia: cyber security research and intelligence research. These two perspectives intersect as both explore questions of security and information. Scholars researching intelligence, counterintelligence and national security perspectives of insiders and insider threats refer to studies in cyber security1 and vice versa 2.
The lack of a standard definition of “insider threats” and “insiders” has been a problem in research, Mundie, Perl & Huth 3 noted when they explored 42 different definitions of the terms. Their own definition of the term ”insider threat” reads as follows:
Current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.
Mundie, Perl & Huth, 2013, DOI
This definition equates “insider threat” with “insider”, as harm is already done. In contrast, others describe a threat as “a set of circumstances that has the potential to cause loss or harm” 4. People that have already caused harm, i.e. threats that have performed (at least some of) their harmful potential, are referred to simply as “insiders”5 and their actions as “insider acts”. Deliberate actions with the intent to cause harm are described as ”insider attacks”6, and their perpetrators ”malicious insiders”, whilst human threats without intent to cause harm are defined as benign or non-malicious7. With this definition of the term, Pfleeger, Lawrence Pfleeger & Margulies identify benign insiders as the most common harmful insider in computer security: “The vast majority of harm from insiders is not malicious; it is honest people making honest mistakes”8. A similar term is “unintentional insider threat (UIT)”, describing those “whose actions unintentionally expose the organizations to risk”9.