In 2025, the Ponemon Institute published its annual Cost of Insider Risks report, drawing on data from more than 8,000 IT and security practitioners across 349 organizations worldwide. The average annualized cost of insider-driven security incidents had risen to $17.4 million per organization, up from $15.4 million in 2022. Containment of a single incident took an average of 81 days.

The most common source of those incidents was not sabotage or espionage. Fifty-five percent were attributed to employee negligence or mistakes. Another 20 percent involved employees who had been compromised by external actors. Only 25 percent were caused by insiders acting with deliberate malicious intent.

These figures point to a structural problem in organizational security that extends well beyond any single company or sector. The difficulty is not simply identifying bad actors inside a network. The difficulty is that the behavioral footprint of a harmful insider and a harmless one can be nearly identical.

The Insider Signal Problem

  • Insider threat incidents cost organizations an average of $17.4 million annually, with 55% of incidents caused by employee negligence rather than malice.
  • Detection systems tuned for anomalous internal behavior generate overwhelming false positives because curious engineers vastly outnumber malicious ones.
  • Organizations manage the tension through three broad strategies: role-based access restriction, comprehensive audit logging, and deception technologies like honeypots and canary tokens.
  • Healthcare, finance, and government face structurally similar problems, with hospitals paying significant HIPAA penalties for employee record snooping.
  • Google's BeyondCorp framework and the broader zero trust model represent one industry response, eliminating the assumption that internal networks are inherently safe.
  • Carnegie Mellon's CERT Insider Threat Center has studied over 3,000 insider incidents since 2001 and found that most employees do not join organizations with intent to do harm.

Credentials Without Context


Threat modeling in its most familiar form concerns external adversaries: attackers scanning for open ports, phishing campaigns targeting employee credentials, state-sponsored groups probing for unpatched vulnerabilities. The Verizon 2024 Data Breach Investigations Report, which analyzed more than 30,000 security incidents and 10,000 confirmed breaches, found that 68% of breaches involved a non-malicious human element, such as errors or social engineering. Credential theft was the most common initial access vector, followed by phishing and vulnerability exploitation.

External threats, while serious and evolving, are conceptually cleaner to address. The adversary has no authorized access. Any presence inside the network is, by definition, illegitimate. Detection can lean on boundary enforcement: firewalls, intrusion detection systems, multifactor authentication. The signal is relatively unambiguous.

That clarity disappears once the person in question already holds valid credentials. At a large technology company, a backend engineer running load tests against an internal API generates log entries that can look indistinguishable from reconnaissance. A data scientist querying a large user table for feature development produces access patterns that overlap with bulk data exfiltration.

A site reliability engineer probing failure modes in a production-adjacent environment behaves, to a monitoring system, like someone mapping attack surfaces. This is the intent attribution problem at the center of insider threat work. Tooling can observe behavior with increasing granularity: queries made, endpoints accessed, data volumes transferred, hours of activity. What tooling cannot observe is motivation.

That gap between behavioral signal and underlying intent is where false positives accumulate, alert fatigue sets in, and genuine threats find cover. The base rate dynamics compound the difficulty. In any organization with thousands of technical employees, the number engaged in legitimate but unusual system interactions on a given day will far exceed the number engaged in actual malfeasance.

Any detection system calibrated to flag unusual internal behavior will, by mathematical necessity, produce a volume of false alarms that requires human review, consumes analyst time, and gradually erodes attentiveness to real incidents. A 2024 report by Cybersecurity Insiders and Securonix found that 90% of respondents considered insider attacks equally or more difficult to detect than external ones, up from roughly 50% who held that view in 2019.
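The base-rate arithmetic behind that claim, as an added example that is not from the article: head count, number of bad actors and detector rates are constructed assumptions chosen to mirror the argument, not measured figures.

```python
"""Base-rate arithmetic behind insider-anomaly false positives.

Added example, not from the article. Head count, number of malicious
insiders and detector rates below are constructed assumptions that mirror
the article's argument; they are not measured figures.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AlertMix:
    true_alerts: float   # malicious insiders the detector flags
    false_alerts: float  # benign-but-unusual employees it also flags
    precision: float     # P(malicious | alert) = TP / (TP + FP)


def expected_alerts(staff, malicious, tpr, fpr):
    """Expected alert mix when a detector tuned to 'unusual' behaviour runs
    over the whole workforce. This is Bayes' rule written in counts: a tiny
    prior (few bad actors) makes false positives dominate even at a low FPR."""
    if not 0 <= malicious <= staff:
        raise ValueError("malicious must be between 0 and staff")
    tp = malicious * tpr
    fp = (staff - malicious) * fpr
    total = tp + fp
    return AlertMix(tp, fp, tp / total if total else 0.0)


def fpr_for_precision(staff, malicious, tpr, target):
    """Largest false-positive rate that still yields `target` precision.

    Solves TP / (TP + benign * FPR) = target for FPR, i.e. how quiet the
    detector must be before analysts mostly see real incidents."""
    tp = malicious * tpr
    return tp * (1 - target) / (target * (staff - malicious))


if __name__ == "__main__":
    # Constructed scenario: 5,000 technical staff, 2 acting maliciously,
    # detector catches 90% of them and flags 2% of everyone else as unusual.
    mix = expected_alerts(5_000, 2, tpr=0.90, fpr=0.02)
    print(f"true alerts {mix.true_alerts:.1f}, false alerts {mix.false_alerts:.1f}, "
          f"precision {mix.precision:.1%}")  # roughly 1.8%
    needed = fpr_for_precision(5_000, 2, tpr=0.90, target=0.5)
    print(f"FPR needed for 50% precision: {needed:.5f}")  # about 0.00036
```

With these assumptions roughly fifty alerts must be reviewed for every real incident, and the detector's false-positive rate would have to fall below 0.04% before half of its alerts were genuine.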

Three Competing Architectures of Trust


Organizations have developed several broad strategies for managing this tension, each reflecting a distinct philosophy about trust, autonomy, and acceptable risk. The first is tight role-based access control: scoping each employee's permissions narrowly to the systems and data their current role requires. The NIST Special Publication 800-53 security controls framework codifies this approach in detail, specifying least-privilege access, separation of duties, and monitoring of privileged accounts as baseline controls for federal systems and, by extension, much of the private sector.

Role-based restriction reduces the surface area any single actor can affect. But it also introduces friction. Engineers working across team boundaries, which at a large technology company is frequent and often encouraged, encounter permission barriers that do not align with the shape of their work. The result is a secondary economy of access requests, escalation tickets, and workarounds, some sanctioned and some improvised, that can itself become a source of security ambiguity.

A second approach inverts the model: grant broad access and invest in comprehensive logging and after-the-fact audit. The philosophy is that restricting access harms velocity and signals institutional distrust, while thorough logging preserves the ability to reconstruct and investigate incidents post hoc. Companies with strong engineering cultures often gravitate toward this model because it aligns with values of autonomy and technical ownership.

The tradeoff is temporal. Damage from a malicious insider may already be done by the time the audit trail reveals it. Google's BeyondCorp framework, developed beginning in 2011 in response to nation-state attacks against Silicon Valley companies, represents a more granular evolution of both approaches.

BeyondCorp is a zero trust architecture that eliminates the assumption that internal networks are inherently safe. Access decisions are made per-request, based on the identity of the user, the security state of the device, and contextual signals, rather than on whether the user happens to be inside the corporate network. The model has since become the basis for commercial zero trust products adopted across industries.

A third strategy, often layered on top of either of the above, employs deliberate deception. Honeypots, canary tokens, and tripwire systems are designed to attract and detect behavior that no legitimate workflow should produce. A database table containing plausible but fabricated sensitive data, an internal endpoint with no authorized use case, or a document seeded with tracking markers can produce high-confidence alerts with minimal noise.

The cybersecurity firm Thinkst has built a widely adopted commercial platform around this concept, offering devices and tokens that generate what the company describes as near-zero false positives. The limitation of deception is coverage: it detects the adversary who stumbles into a specific trap, which requires correctly anticipating the adversary's path.

In practice, most mature security programs deploy a blend of all three strategies, tuned to specific risk profiles and organizational cultures. A defense contractor will skew heavily toward access restriction, accepting the productivity cost as appropriate for the stakes. A consumer technology company with a culture of rapid iteration and internal mobility will lean toward audit and zero trust, treating access friction as the more immediate organizational threat.

The weighting reveals institutional priorities. The trend across industries has been toward increased investment in all three. According to the Ponemon data, organizations now allocate 16.5% of their annual IT security budgets to insider risk management, roughly double the 8.2% reported in 2023.

Eighty-one percent of organizations surveyed either have or are planning to have a formal insider risk management program, and 65% of those with existing programs reported that it was the only security strategy that enabled them to detect risk before a breach occurred.

The Problem Across Sectors


The challenge extends well beyond technology companies. Healthcare organizations face a structurally parallel problem with electronic health records. A physician accessing a patient's chart could be providing care, conducting quality review, or browsing without authorization. The behavioral footprint, a records query, is identical across all motivations.

The consequences of getting that distinction wrong are well documented. In 2023, the U.S. Department of Health and Human Services settled with Yakima Valley Memorial Hospital in Washington State for $240,000 after an investigation found that security guards had improperly accessed the medical records of 419 individuals.

In the same year, five former employees of Methodist Hospital pleaded guilty to unlawfully obtaining patient information from motor vehicle accident victims and disclosing it to third parties, according to HIPAA Journal. The fines ranged from $1,000 to $50,000 per individual.

These are not edge cases. Employee record snooping is among the most commonly reported HIPAA violations. The University of California Los Angeles Health System was fined $865,000 after a physician accessed celebrity patient records 323 times without authorization following notification of his pending dismissal. He became the first healthcare employee sentenced to federal prison for a HIPAA violation.

At Huntington Hospital in New York, a night-shift employee improperly accessed the records of approximately 13,000 patients over a period of months before the activity was detected through access log audits. The Verizon 2024 DBIR found that in healthcare specifically, 70% of threat actors behind data breaches were internal, a proportion far higher than in most other sectors.

The pattern is consistent with an environment in which broad records access is a clinical necessity and unauthorized access is, by the numbers, frequent. Healthcare providers have attempted to address this through break-the-glass access models, where certain records require explicit justification at the moment of access, combined with retrospective audit of access patterns.

Financial institutions navigate a version of the same tension. Quantitative analysts testing models may produce access patterns difficult to distinguish from those of someone attempting to front-run client orders. Universities managing shared research computing infrastructure must decide whether a graduate student running unusual workloads on a cluster is pursuing novel computation or mining cryptocurrency.

Government agencies, as outlined in Executive Order 13587 and the related National Insider Threat Policy, are required to establish formal insider threat programs that integrate technical and behavioral data sources, a mandate that has since influenced private-sector practice through frameworks like NIST SP 800-53.

Baselines, Stressors, and the Limits of Automation


The industry's current trajectory points toward behavioral baselining: establishing what normal looks like for a given individual or role and flagging deviations from that baseline rather than deviations from a universal standard. A database administrator who routinely queries large datasets is not anomalous when doing so on a Tuesday. The same query from a frontend developer who has never touched that database carries different weight.

This approach improves signal quality, but it introduces its own failure mode. An insider who is patient and escalates behavior gradually over weeks or months can shift their own baseline incrementally, until the eventual harmful action falls within the range the system has learned to treat as normal.
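The slow-escalation failure mode above, as an added example that is not from the article: two simple z-score monitors run over a constructed per-user activity series, one whose baseline keeps adapting every day and one anchored to a reviewed reference window. The smoothing factor, threshold and noise floor are assumptions.

```python
"""Per-user behavioural baselining and the slow-escalation failure mode.

Added example, not from the article. The daily 'rows read' series is
constructed, and the two monitors are simple z-score detectors: one whose
baseline keeps learning (exponentially weighted), one anchored to a reviewed
reference window. Alpha, thresholds and the 5% noise floor are assumptions.
"""
import math
from statistics import mean, pstdev


def build_series(flat_days=30, ramp_days=60, start=100.0, growth=0.02):
    """Constructed: a steady user, then volume compounding 2% per day."""
    flat = [start] * flat_days
    ramp = [start * (1 + growth) ** (d + 1) for d in range(ramp_days)]
    return flat + ramp


def adaptive_alerts(series, alpha=0.1, z_thresh=3.0, sd_floor=0.05):
    """Baseline updated every day (EWMA mean/variance). Returns alert days."""
    mu, var, alerts = series[0], 0.0, []
    for day in range(1, len(series)):
        x = series[day]
        sd = max(math.sqrt(var), sd_floor * mu)  # floor: flat history stays scorable
        if (x - mu) / sd > z_thresh:
            alerts.append(day)
        # The update happens after scoring, so each slightly-higher day is
        # absorbed into 'normal' and the threshold moves with the insider.
        delta = x - mu
        mu += alpha * delta
        var = (1 - alpha) * (var + alpha * delta * delta)
    return alerts


def frozen_alerts(series, ref_days=30, z_thresh=3.0, sd_floor=0.05):
    """Baseline fixed on a reviewed reference window; later days never move it."""
    ref = series[:ref_days]
    mu = mean(ref)
    sd = max(pstdev(ref), sd_floor * mu)
    return [d for d in range(ref_days, len(series))
            if (series[d] - mu) / sd > z_thresh]


if __name__ == "__main__":
    s = build_series()
    print("adaptive baseline alerted on days:", adaptive_alerts(s) or "never")
    print("frozen baseline first alerted on day:", frozen_alerts(s)[0])
    print(f"volume on the final day: {s[-1]:.0f} rows (reference baseline 100)")
```

The adaptive monitor never fires even though daily volume ends more than three times above the reference period, while the frozen baseline fires in the second week of the ramp; in practice the mitigation is to pin baselines to a reviewed window or cap how fast they may drift.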

Research in this area is active. A 2025 study published in Scientific Reports proposed using federated learning combined with convolutional neural networks to improve detection accuracy on the CMU CERT Insider Threat Dataset, achieving an AUC of 98.75% in controlled testing. The gap between laboratory performance and real-world deployment, where behavioral data is noisier, less labeled, and more contextually dependent, remains significant.

The CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute, which has studied more than 3,000 insider incidents since 2001, has emphasized that the problem is fundamentally sociotechnical. In most cases, the center's research notes, employees do not join organizations with the intent to do harm.

They become motivated to act against their employers when they experience stressors, exhibit concerning behaviors, and when employers respond to those behaviors in ways that escalate rather than resolve the underlying issues. The implication is that detection systems alone are insufficient without attention to the organizational conditions that produce insider risk in the first place.

There is also a human-systems dimension that resists purely technical solutions. The most informative signals about insider intent often come from coworkers, managers, and institutional context: an employee going through a contentious departure, someone with unresolved grievances, someone in financial distress.

NIST's SP 800-53 framework explicitly recommends that insider threat programs integrate both technical and nontechnical data sources. But incorporating behavioral and HR signals into a threat model raises questions about surveillance, privacy, proportionality, and organizational ethics that are distinct from the detection problem itself.

Companies that monitor employee communications, track badge access patterns, or flag HR-reported behavioral changes are making decisions about what kind of institution they want to be. Those decisions affect recruiting, retention, and culture in ways that reach well beyond the security team's mandate.

The underlying reality is that insider threat management is less a problem to be solved than an ongoing institutional negotiation. The organization is perpetually balancing its need to protect against a small number of people who would cause harm with its obligation to preserve conditions that make it a productive and attractive place to work, or to be treated as a patient, student, or client.

The tools improve, the detection grows more sophisticated, and the anomaly models grow sharper. But the core tension persists because it is structural: the same access that enables productive work enables destructive work, and the distance between the two is measured in intent that no system fully captures.

For technology companies in particular, the negotiation carries a recursive quality. The engineers building monitoring systems are themselves subject to monitoring. The internal culture that celebrates experimentation, boundary-testing, and questioning assumptions is also the culture that generates the ambient noise inside which a malicious actor operates.

Managing that complexity, watching the watchers while trusting the system to function, remains among the quieter and more consequential problems in organizational security.
