Insider Threats In Focus

Predictions For 2024


Predictions: few words can provoke such extreme human emotions, whether the subject is weather, politics, health, the stock market, or sports.

2023 was a rocky, uncertain, and emotional year: the continuing war between Ukraine and Russia, escalating conflict between Israel and the Palestinians, China’s spy balloon, record-breaking extreme weather, India surpassing China as the world’s most populous country, the coronation of King Charles III in the UK, and the adoption of artificial intelligence by the mainstream.

The future is a strange place, filled with fear and anxiety. We presume it will look like now apart from the different bits and pieces.

When it comes to Insider Threat predictions, what does 2024 hold for us?

Most of us agree that insider threats will either remain the same or worsen.

You can argue that it isn’t so much a prediction but more of a trend. In truth, you are right. In reality, things will only get worse. Let me tell you why.


In 2024, there will be significant changes to the insider threat landscape, with a few key predictions taking centre stage in order of importance.

1. AI Threat – The most significant is the advent of artificial intelligence-based attacks, representing a paradigm shift in insider threat issues.

2. Increased Economic Pressures – Financial hardships like rising inflation and cost-of-living crises create motives for employee fraud and data theft.

3. Rise In Insider Attacks – There will be a greater emphasis on outsiders attempting to target privileged users within organisations, whether they be rivals, foreign governments, or other entities.

4. Social And Geopolitical Pressures – Increased cyber activity targeting elections and critical infrastructure due to tensions between nations is a high possibility.

5. Rise Of Data Privacy Concerns – With increasing regulations, organisations face additional pressure to protect sensitive personal data. Insider threats can lead to significant data breaches and compliance violations.

6. Hybrid Workforce Persists – The hybrid workforce is expected to continue, driven by employee demands and cost flexibility for employers, and will continue to pose challenges for managing insider risks.

People may think they are somehow immune to a business breach. They may trust their security controls, thinking they have amazing impenetrable defences. They may put their trust in “flying under the radar” or believe they are too small to have a breach. But this thinking assumes breaches come from the outside, from bad actors external to the organisation. What they fail to take into account is the risk of an insider breach.

Ready or not, this is what is most likely to happen in 2024. And the main thing is to “keep calm and don’t panic”.

Prediction #1

AI Emergence As An Insider Threat

It’s been a while since IBM Big Blue defeated renowned Garry Kasparov in a chess battle. That was back in 1997, some twenty-seven years ago.

In February 2011, IBM’s Watson DeepQA computer made history by defeating the two foremost all-time champions of the TV quiz show Jeopardy!

In March 2016, the strongest Go player in the world lost to Google’s DeepMind AlphaGo.

While the closely watched Jeopardy and Go competitions showed how computers powered by machine learning and artificial intelligence can outperform humans and benefit society, concerns have also arisen about the technology’s darker side.

The fantastic adoption of AI has been both astonishing and a dark cloud.

AI has transformed how firms run by automating repetitive operations and empowering data-driven decision-making.

However, even as we employ AI to improve business processes, streamline operations and enhance decision-making, we must also consider how it may contribute to cyber and insider threats.

One reason cybercrime has rapidly accelerated is the lower barrier to entry for malicious actors.

Cybercriminals have evolved their business models, offering subscription services and starter kits. The use of large language models like ChatGPT to write malicious code also highlights the potential cybersecurity challenges.

Because of these threats, all business leaders in today’s digital world must know about AI’s developments in cybersecurity.

On the other hand, AI is also becoming an essential tool in the fight against cybercrime.

The question is, will AI change the insider threat landscape?

Yes, that is the simple answer. AI can and will change the insider threat landscape in both positive and negative ways.

Detection And Prevention

  • Positive impact: AI can enhance the detection capabilities of organisations by analysing vast amounts of data to identify patterns and anomalies.
  • Negative impact: Attackers may leverage AI to develop more sophisticated and evasive attacks, making it challenging for traditional security measures to keep up.

Behavioural Analysis

  • Positive impact: AI-driven behavioural analytics can help organisations understand typical user behaviour and identify deviations that may suggest malicious intent.
  • Negative impact: Misinterpretation of behavioural data or false positives may lead to unnecessary suspicion or false accusations against employees.

Automation Of Attacks

  • Positive impact: AI can automate the detection and response to insider threats, enabling faster reaction times and reducing the potential damage caused by malicious insiders.
  • Negative impact: Malicious insiders may also use AI to automate attacks, making them more efficient and challenging to detect.

Data Protection

  • Positive impact: AI can assist in encrypting and protecting sensitive data, making it more challenging for insiders to access or exfiltrate critical information.
  • Negative impact: Poorly implemented or insecure data handling practices within AI applications may inadvertently expose sensitive data. Furthermore, malicious insiders may intentionally exploit AI systems to leak sensitive information.

Insider Collaboration

  • Positive impact: Organisations can proactively monitor and detect insider collaboration with AI, enhancing their ability to prevent and respond to sophisticated attacks.
  • Negative impact: Insiders may use AI tools to augment their malicious activities, making it more challenging for security systems to discern between legitimate and nefarious actions.

Privacy Concerns

  • Positive impact: Organisations can implement ethical AI practices and privacy-preserving technologies to balance security measures with employee privacy, addressing concerns and complying with regulations.
  • Negative impact: Poorly implemented AI monitoring may infringe on employee privacy, leading to legal and ethical challenges and potentially damaging the trust between employees and the organisation.

What Is The Short-Term Outlook?

Sure, AI is being used to amplify the capability of bad actors by developing more sophisticated malware and facilitating cyberattacks through systems like FraudGPT.

AI can be increasingly used for social engineering attacks, such as automated spear phishing and convincing interactions with victims using email, voice, and text communications.

In reality, it will be a while before AI can think independently and decide between good and bad. It will be some time in the future when it can act like a “human” and become a true insider.

Prediction #2

Increased Economic Pressures

Today’s organisational behaviour scenario is as dynamic as the environments in which organisations function. It’s a blend of trials and triumphs, where the key lies in using the right approach to minimise the trials and optimise the triumphs.

One of the main challenges and opportunities facing organisations is the increasing economic pressure.

Economic pressure has been rising globally due to several key measures such as the slowdown of GDP growth (like in China), rising unemployment, declining consumer spending due to price increases that we have seen in the Western world, reduced business spending and confidence, political unrest, conflict in parts of the world and the global deterioration in trust.

In today’s global economy, trust is king. Trust is the social underpinning of social behaviour and social reality. When mistrust and suspicion grow, it becomes even more difficult to transact, and costs, therefore, increase, as can be noted in the following equation (source: The Speed of Trust by Stephen M.R. Covey)

What are the consequences of economic pressure on organisations, therefore?

Economic downturns can profoundly impact organisations, extending beyond the immediate financial challenges.

Increasing economic pressure on organisations can have notable consequences, potentially heightening the risk of insider threats.

Job insecurity stemming from layoffs or hiring freezes may lead disgruntled employees to engage in malicious activities, exploiting their access to sensitive information.

Financial strain, salary freezes, and benefit reductions can foster discontent, making employees susceptible to engaging in insider threats for personal gain or retaliation.

Increased workloads due to downsizing can contribute to burnout, affecting judgment and potentially leading to security lapses.

Communication challenges and a lack of transparency during economic downturns may create an environment where employees feel disconnected or undervalued, increasing the likelihood of insider threats as individuals may perceive a diminished commitment to their well-being.

Organisational and employee stress intensifies due to factors such as job insecurity stemming from layoffs and downsizing, increased workloads due to reduced staffing, and financial strain caused by salary freezes and benefit cuts.

Overall, economic pressure can amplify internal vulnerabilities, necessitating proactive measures to mitigate insider threats and maintain organisational security.

The increased economic pressure will certainly have a cascading effect, as depicted in the above diagram.

Prediction #3

Rise In Insider Attacks

Insider threats represent a significant and evolving challenge for organisations.

According to IBM, the X-Force Threat Intelligence Index 2023 reported a 13% increase in insider threats year-over-year.

Another report from Bridwell shows that around 77% of organisations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyber threats in the last three years.

A further report from Gurucul, the 2023 Insider Threat Report, revealed that 74% of organisations say insider attacks have become more frequent.

The latest Verizon 2023 Data Breach Investigation Report found that insider threats accounted for 22% of all data breaches.

These studies suggest that there is a growing problem for organisations of all sizes.

Cause Of Growth

A number of factors in the changing landscape may explain this rising threat. However, there’s no single cause for the rise of insider attacks, but rather a complex mix of factors contributing to this trend. Here are some key points to consider:

Increased Temptation – The explosion of sensitive data stored electronically has become a double-edged sword, creating both immense value and significant vulnerability. This treasure trove of information, from financial records to intellectual property, attracts competitors, malicious actors and nation-state sponsors.

The ease of copying and transferring electronic data compared to physical records lowers the barrier to entry for attackers, even those with limited technical skills.

Furthermore, the sheer volume of data collected often leads to sprawl, creating blind spots and increasing the attack surface. This combination of temptation, opportunity, and ease of execution fuels the rise of insider attacks.

Increased Accessibility – Increased accessibility fuels the rise of insider threats. This accessibility stems from remote work, broader employee roles, and data sprawl, creating multiple entry points for malicious actors. The ease of copying and transferring electronic data compared to physical records further simplifies potential attacks, even for those with limited technical expertise.

Increased Sophistication Of Bad Actors – Gone are the days of basic malware and phishing attempts.

Today’s attackers wield various advanced tools and techniques, from social engineering that manipulates employees into granting access, to custom malware designed to evade detection. They exploit software vulnerabilities, collaborate through Cybercrime-as-a-Service (CaaS) platforms, and even form insider networks to orchestrate targeted attacks.

Attackers now target organisations for espionage, disruption, or reputational damage. Hacktivist groups with ideological agendas and nation-state actors pursuing strategic goals increasingly employ insider tactics. This diversity of motivations and the potential for broader impact raise organisational stakes.

Increased Targeting Of Insiders Within Critical Infrastructure – Attacks on critical infrastructure have become more frequent and severe.

While critical infrastructure’s high value attracts attacks, it also makes its insiders highly prized targets. Malicious actors increasingly recruit, coerce, or bribe insiders to gain access to these systems. These insiders, with legitimate authorisation and knowledge of security protocols, pose a unique and dangerous threat. They can bypass traditional security measures and inflict more significant damage than external attackers alone.

The question is, will 2024 be any different?

Based on the reports and the reasons we have mentioned, it’s difficult to predict whether 2024 will see even worse insider threat attacks than 2023.

However, the evidence and other trends suggest that we should be prepared for the continued rise of insider threats in 2024.

Prediction #4

Social And Geopolitical Pressures

The relentless flow of news stories is centred chiefly around cyberattacks, hacks, and breaches. Criminals and hackers don’t seem to take a rest and are always ready to breach the organisations’ defences.

The cyber threats to an organisation can be overwhelming, and it can be easy to become distracted by the latest vulnerability or breach.

The daily news reminds us that the world is becoming a very uncertain and dangerous place.

Geopolitical threats from hostile foreign powers extend beyond government and military targets as disinformation and disruption have become tactics across business and society.

If you think about it on a basic level, there is no more significant threat than uncertainty.

You may be uncertain whether you are a target, but at least you know that a committed bad actor will look for all vulnerable doors into your business, including your people. That’s a certainty.

You may be uncertain whether an outsider has recruited any of your employees for corporate espionage activities. Still, at least you know for certain that such activities could significantly harm your organisation.

You may be uncertain, not knowing what geopolitical event will occur, but you do know that it may impact your organisation significantly.

State-Sponsored Attacks

Businesses and their infrastructure are getting swept up in international affairs at a rapidly increasing rate.

We see competition or animosity between nation-states playing out via the theatre of cyberwar.

Nation-states increasingly utilise insider threats as a key tactic in their cyberattacks.

This involves recruiting individuals with authorised access to infiltrate organisations and steal sensitive data, disrupt critical infrastructure, or facilitate further compromise.

These attacks have a high chance of success and are challenging to attribute because they exploit insiders’ knowledge and bypass external security measures.

Recruitment methods include targeting disgruntled employees, exploiting personal vulnerabilities, or utilising pre-existing networks.

Once recruited, insiders can steal data, sabotage systems, create backdoors, or grant access to external attackers.

According to an article published late in 2023 by Reuters, state-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure and businesses.

What evidence do we see?

  • According to Tom Burt, corporate VP of customer security & trust at Microsoft, there has been a “disturbing” increase in aggressive nation-state cyber activity in the past year. This is based on their 2022 Microsoft Digital Defence report.
  • An article published by Reuters in late 2023 indicated that there has been a rise in sponsored groups targeting critical infrastructure in Australia.

Corporate And Economic Espionage

The globe has become a moving chessboard where each nation pulls and pushes strings in the background. Some countries are striving for dominance. Some countries are fighting for survival.

2024 will see trade wars, tensions escalate, and economic instability rise.

This complex geopolitical game spills over into the corporate world, fuelling a rise in corporate espionage. Companies become pawns where their secrets are wanted, like winning strategies.

What signs do we see of increasing espionage?

  • The domestic intelligence chiefs of the Five Eyes alliance (the Australian Security Intelligence Organisation (ASIO), the Canadian Security Intelligence Service (CSIS), the Federal Bureau of Investigation (FBI), and the New Zealand Security Intelligence Service (NZSIS)) warned businesses in October 2023 that they were seeing a “sharp rise” in attempts by hostile states to steal intellectual property.
  • ASIO has been warning Australian citizens of foreign interference, espionage and terrorism.

Social Risks

Geopolitical risk is not only about high-profile international events, conflicts, or shifts. It refers to the potential for societal harm caused by various factors interacting on a global scale. These risks can manifest in diverse ways, impacting individuals, communities, and entire nations.

Social risks and insider threats are intricately linked in the complex tapestry of geopolitics. They feed off each other, creating a vicious cycle with devastating consequences. Here’s how:

Disinformation and propaganda: The manipulation of information can create fertile ground for insider threats. Imagine an employee exposed to constant narratives demonising a specific group. This individual, already grappling with personal frustrations or economic hardships, might become vulnerable to radicalisation. State actors or extremist groups can exploit this vulnerability, recruiting them to commit insider acts as a twisted form of “patriotism” or revenge.

Cybersecurity threats: Imagine disgruntled employees manipulated by online disinformation campaigns questioning their company’s ethics or involvement in international conflicts. The erosion of trust can lead them to leak sensitive data or sabotage systems, believing they are exposing wrongdoing.

Mass displacement and migration: Imagine an individual fleeing conflict or persecution, harbouring deep resentment towards their former government. Their desperation and lack of loyalty could be exploited if offered employment with access to critical infrastructure or sensitive information. This individual becomes a potential insider threat, susceptible to coercion or bribery to engage in espionage or sabotage against their former nation.

Erosion of human rights and freedoms: When governments crack down on dissent, they inadvertently push potential whistleblowers into the shadows. Imagine a scientist witnessing unethical practices within a military program. Unable to voice their concerns through official channels due to fear of repression, they might resort to leaking classified information anonymously, becoming an insider threat driven by a desire for justice and accountability.

Are we seeing evidence of an increase in social risks?

There is plenty of evidence of significant trends that point towards an evolving and concerning landscape. For example:

  • Social media platforms like Facebook and Twitter have faced ongoing criticism for their inability to effectively curb the spread of harmful content, including hate speech and propaganda.
  • Studies by RAND Corporation and Oxford University show a surge in manipulated media content and coordinated disinformation campaigns online, often linked to specific geopolitical agendas.
  • Reports by the World Economic Forum and the Global Cyber Security Index highlight a steady rise in cyberattacks, with nation-states increasingly targeting critical infrastructure and sensitive data.
  • The United Nations High Commissioner for Refugees reports that 117.2 million people were forcibly displaced worldwide as of the end of 2023.

Prediction #5

Rise Of Data Privacy Concerns

It should come as no surprise that one of the day’s main issues is data privacy.

Our world has become increasingly data-driven, and digital platforms have revolutionised the way we work, play, and interact with one another.

However, this concerning development has forced us to share information online, continuously expanding our digital data portfolio and increasing the likelihood of its misuse.

Since GDPR came into effect in 2018 in Europe, more and more countries have followed suit. The shift toward consumer data protection across the globe has resulted in OAIC (Australia), CCPA (California), LGPD (Brazil), PIPL (China) and POPIA (South Africa), among others.

When it comes to data privacy, a lot is at stake.

It’s not surprising, therefore, that we can expect to see even more data privacy laws being adopted. This is due to several factors, including:

  1. The growing application of new technologies, including big data and artificial intelligence. Large volumes of personal data can be gathered and processed by these technologies, and the resulting information can be used to alter people’s behaviour, follow their activities, and draw conclusions about their personal lives.
  2. The increasing recognition of the importance of personal data. Organisations are becoming more conscious of the fact that they can benefit from the collection and sale of personal data to outside parties. Concerns about improper use of personal data and demands for more robust privacy protections have resulted.
  3. The fragility of personal data is highlighted by the rising frequency of well-publicized data breaches (like the Medicare and Optus breach in Australia). These hacks have damaged the public’s confidence in governments and corporations, and it is now evident that more has to be done to protect personal information.

How will the increase in data privacy concerns affect insider risk management?

When it comes to insider risk management, the growing number of concerns around data protection is a double-edged sword.

While it raises awareness and potentially fuels investment in Insider Risk Management Programs, it also introduces new complexities and challenges that require adaptation. Here’s a breakdown of both sides:

Negative Impacts

  • Limited capability made worse: Increasing data privacy governance presents an additional complex set of challenges for organisations already challenged with managing insider risks.
  • Data breach amplified: Increasing data privacy governance could allow insiders with malicious intent to take advantage of the situation to cause harm to the organisation, knowing full well the increasing severity of regulatory sanctions that are levied on organisations when they experience a data breach.
  • Intrusive monitoring: Increasing data privacy governance could add another layer of intrusiveness by implementing further monitoring measures to detect insider threats. This can raise privacy concerns for employees, potentially creating a feeling of being spied on. In addition, it can erode trust and morale, hindering productivity and collaboration.
  • Financial and operational losses: Insider incidents can lead to data breaches and leaks, causing more significant financial losses due to fines, lawsuits, reputational damage, lost business opportunities and increasing regulatory penalties.

Positive Impacts

  • Increased awareness and investment: Data privacy breaches often grab headlines, making organisations and the public more aware of the potential dangers posed by insider threats. This heightened awareness can increase investment in Insider Risk Management Programs, resources, and technologies.
  • Focus on data governance: Stringent data privacy regulations often demand robust data governance frameworks to effectively classify and protect sensitive information. Aligning Insider Risk Management Programs and data governance goals can improve data security overall.
  • Proactive approach: Data privacy concerns emphasise preventing data breaches rather than simply reacting to them. This can drive Insider Risk Management Programs towards a more proactive approach, focusing on employee training, threat detection, and vulnerability management.

It’s critical to make clear that there is more going on here than just a straightforward cause-and-effect link between insider threats and data privacy problems.

While it’s true that growing privacy concerns may give rise to some circumstances that could increase the likelihood of insider threats, an increase in insider threats could also lead to an escalation in privacy governance.

Prediction #6

Hybrid Workforce Persists

Working in the office can sometimes feel like being in a fishbowl with employees swimming around in circles, waiting to be fed their next assignment.

The COVID-19 pandemic has catalysed workplace change, forcing employers to adapt to remote work and re-evaluate their traditional office-based models.

Needless to say, this created a state of anxiety, apprehension and high alert. The perception and awareness of doing business as usual ran out of the door.

Emotions were running high. Stress swelled. Fear was in everyone’s mind.

Such an environment will most likely lead to insiders making mistakes, losing sensitive information, and potentially damaging critical assets, intentionally or accidentally.

In times of severe stress, human beings will revert to the most fundamental instinct—“survival”, and consequently, logical thoughts will be thrown out of the window.

People are an organisation’s most important asset, but people are also human.

A large proportion of the global workforce operating outside the office has created new problems. The increased reliance on cloud systems, coupled with potential financial pressure, job insecurity, unfamiliar circumstances, and the general anxiety of a global pandemic, have created a perfect storm.

According to the Ponemon Report, 2022 saw a 34% increase in insider threat incidents.

Will The Hybrid Workforce Continue?

Focus on the pandemic may be receding, but the hybrid work model appears to have staying power.

According to the Littler Mendelson PC report, over 70% of US employers embrace hybrid work models.

Despite economic uncertainty and layoffs at major organisations, only 20% of respondents believe in returning to a more in-person work environment.

While the hybrid work model offers many benefits for both employees and employers, it also increases the opportunity for insider threats.

  • Blurred lines: Physical and digital boundaries between work and personal life can blur in a remote setting, making monitoring data access and activity harder. This can create opportunities for individuals to engage in unauthorised activities without immediate detection.
  • Reduced visibility: Monitoring network activity and data access are more complex when employees are not physically present in the office, making it harder to identify suspicious behaviour in real time.
  • Poor data management: In many cases, employees accidentally violate security regulations and download sensitive corporate data onto their unsecured devices, putting the data beyond their organisation’s control and exposing the organisation to regulatory risk.
  • Poor cyber hygiene: Employees working from home, probably using their own computers as work devices without the cyber hygiene they were accustomed to in the office, pose a greater risk to the organisation.
  • More opportunities to abuse organisation assets: Outside of the watchful eye of the security and IT teams, malicious insiders have more opportunities to create trouble. They can steal data, share it with hacker groups, engage in espionage, or practice insider trading. For example, another new threat that has emerged in the last two years is cybercriminals and state-sponsored actors offering insiders money to help breach the company network.

How Will You Prepare For 2024?

“Success is where preparation and opportunity meet”. This statement beautifully embodies the delicate balance between being ready and seizing the right moment.

In the world of protecting an organisation’s critical assets, success comes from being ready and spotting trouble at first sign.

Preparation and opportunity can be defined in the following:

  • Secure: Being secure means investing in cost-justified security controls to protect the organisation’s most important assets.
  • Vigilance: Being vigilant means putting greater effort into gaining visibility of, and insight into, threats that could harm these critical assets.
  • Resilience: Resilience means seeking to respond more effectively when an organisation’s businesses or systems have been disturbed and returning to normal operations as quickly as possible.

The insider threat problem presents different challenges to organisations attempting to go beyond information technology management and establish a robust risk management program.

If you are a cyber risk manager struggling to manage risks from insiders, then you are not alone.

Insider threats are not a technology problem. Insider activity, especially if it is malicious, moves along a continuum from idea to action. Such employees will find ways to evade security controls, making themselves so much harder to detect.

If you are a C-level executive or a board member and struggle with overcoming risk-spot blindness, then you are not alone.

Insider threats aren’t just about the immediate damage they can inflict but also the broader cascading effect on the organisation’s reputation, finances, competitive edge, and long-term stability.

The challenge lies in proactively preparing a culture of trust, vigilance, and security awareness while implementing robust security measures to prevent, detect, deter and mitigate insider threats before they materialise.
