STRENGTHENING GOVERNANCE AROUND INSIDER RISK

Insider risk remains a complex challenge facing organisations, encompassing both malicious activity and inadvertent actions by employees, contractors and trusted partners. As access to sensitive systems and data continues to expand across digital platforms, organisations are placing greater emphasis on monitoring, governance and behavioural risk indicators to identify potential threats.

Effective management of insider risk requires a combination of technological controls, clear policies and a strong organisational culture. When these measures are integrated into broader risk and compliance frameworks, organisations are better able to identify vulnerabilities early, protect sensitive information and maintain trust with regulators, clients and stakeholders.

Insider risk also appears to be increasing. According to a 2025 Fortinet and Cybersecurity Insiders global survey of IT and security professionals, 77 percent of organisations surveyed experienced insider-related data loss in the preceding 18 months, with 21 percent of respondents reporting more than 20 incidents during that period. For many organisations, insider incidents are not isolated events but recurring challenges that consume resources and undermine confidence.

The financial impact of insider risk is significant. Forty-one percent of respondents stated that their most serious insider incident resulted in losses of between $1m and $10m, while a further 9 percent reported even higher costs. These figures reflect not only the immediate expense of remediation and system downtime, but also regulatory penalties and long-term reputational damage.

Jul-Sep 2026 Issue

Richard Summerfield

Join our free mailing list to read the full article