Insider Threat
A security risk posed by individuals within an organisation — employees, contractors, or partners — who misuse their authorised access to harm the organisation.
Not all threats come from outside. Insider threats include disgruntled employees stealing customer data, contractors with excessive access, and well-meaning staff who accidentally email sensitive files to the wrong recipient. In Malaysia, insider threats are a significant concern for businesses handling financial data (entities regulated by Bank Negara Malaysia, BNM) and personal data (within the scope of the Personal Data Protection Act, PDPA). The principle of least privilege — giving each person only the access they need for their role — is the primary defence.