What is the definition of an Insider Threat?

An insider threat is the risk that someone who already has legitimate access to an organization’s information, systems, or facilities will misuse that access to cause harm. The best definition emphasizes the likelihood or potential that an insider will use authorized access to do harm to national security, capturing the essence that insiders—such as current or former employees, contractors, or partners—can exploit their access, whether maliciously or through negligence, to compromise security. The idea isn’t limited to outsiders or to those with no sensitive access; insiders can handle classified or sensitive data and still pose a threat. Other descriptions don’t fit because they either describe individuals with no access, describe someone unrelated to access dynamics (like a foreign national on a board), or limit the scope to unclassified information, which doesn’t reflect the true risk insiders pose.