SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Security guard monitoring surveillance cameras control room employees moving through secure doors
#
Endpoint Protection
#
MFA
#
Phishing

Insider threats: Protecting what matters most from within

Mon, 1st Sep 2025
By Content Team, Gallagher Security

In today's rapidly evolving threat landscape, organisations face a dual challenge: defending against external attacks while remaining vigilant to risks from within. Insider threats - whether intentional or accidental - pose a significant danger to operational integrity, financial stability, and reputation. As a global leader in integrated security solutions, Gallagher Security is committed to helping businesses and government agencies understand and mitigate these risks.

What is an insider threat?

An insider threat arises when individuals with authorised access - employees, contractors, or partners - misuse their privileges, either deliberately or inadvertently. These threats are often overlooked, yet they account for some of the most costly and difficult-to-detect security breaches.

There are two primary types of insider threats:

  • Unintentional insiders: Individuals who unknowingly compromise security through poor cyber hygiene, falling for phishing scams, or mishandling sensitive data.
  • Malicious insiders: Those who intentionally exploit their access for personal gain, sabotage, or under external influence such as extortion or espionage.

Motivations and causes

Gallagher's 2025 Security Industry Trends Report reveals that correcting human mistakes - like clicking on malicious links or leaving doors unsecured - is a top priority for security professionals. Common motivators behind insider threats include:

  • Financial gain
  • Intellectual property theft
  • Revenge or disgruntlement
  • Espionage and fraud

Contributing factors often include:

  • Poor security awareness and training
  • Excessive access privileges
  • Inadequate monitoring and auditing
  • Disengaged or disgruntled employees

Recognising the warning signs

Behavioural changes can signal potential insider threats. These may include:

  • Working unusual hours
  • Increased secrecy or guarded behaviour
  • Emotional withdrawal or stress

Gallagher advocates for a people-first approach - building strong relationships and offering support when changes arise. Detection tools such as tripwires and behavioural analytics can also help identify suspicious activity early.

Prevention strategies

Preventing insider threats requires a multi-layered approach. Gallagher recommends:

1. Risk management and security audits

Assess your organisation's attractiveness to insider threat actors. Regular audits, antivirus software, and partnerships with trusted security providers are foundational.

2. Pre-employment screening

Thorough background checks, financial reviews, and criminal history assessments help identify high-risk individuals before they gain access.

3. Physical security controls

Implement access zones and competencies to restrict entry based on role. Gallagher's access control solutions offer real-time monitoring and reporting, ensuring compliance with government standards.

4. Data security best practices

Use strong passwords, multi-factor authentication, and data encryption. Regular software updates and vulnerability disclosures - such as those supported by CVE Numbering Authorities - are essential.

5. Education and awareness

Security awareness training should be ongoing and tailored to high-risk roles. Building a culture of security literacy empowers employees to act responsibly.

6. Behaviour monitoring and reporting

Auditing tools and dashboards help detect anomalies. Establishing clear reporting channels and fostering a culture of trust ensures employees feel safe to speak up.

The cost of insider threats

According to the Ponemon Institute's 2025 report, the average annual cost of insider risks has risen to USD $17.4 million, with containment times averaging 81 days. IBM's 2025 data breach report confirms that breaches initiated by malicious insiders are the most expensive, averaging USD $4.92 million per incident.

Despite growing awareness, only 37% of organisations use core detection technologies like UEBA (User and Entity Behaviour Analytics), and less than 10% of IT security budgets are allocated to insider risk management.

Gallagher's commitment

Gallagher Security's Information Security Management System (ISMS) and Insider Programme are designed to support proactive threat detection and response. Our ISO27001-certified processes ensure that security is embedded across all systems, infrastructure, and personnel.

We believe that protecting what matters most starts from within. By combining technology, training, and trust, organisations can build resilient systems that safeguard people, assets, and operations.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Eugene Donovan rejoins Gallagher Security as Training Solutions Engineer
Atturra & EncompaaS partner to accelerate agentic AI adoption
TeamViewer unveils Agentless Access for secure industrial control
Falco integrates Stratoshark for faster forensic cloud security
Exclusive: Informatica's Krish Vitaldevara on AI’s next evolution

Top stories

AI & phishing attacks highlight human risk in Australian fraud
Synology unveils PAS7700 NVMe storage to meet AI data surge
Exclusive: Coevolve's Tim Sullivan warns firms on AI connectivity gap
Financial firms struggle to fully scale AI amid data silos & security
Datadog launches cloud storage tool to tackle rising AI costs