An insider threat is the risk that a person with legitimate access to systems, data, or physical areas will misuse that access, either deliberately or by mistake. The insider may be an employee, contractor, partner, or any trusted user with valid credentials. Because the activity comes from inside the permission model, it can look normal at first and bypass many perimeter defenses.
In cyber security, insider threats matter because trusted access can be used to steal data, alter records, exfiltrate sensitive files, or quietly search information for abuse. Defenders look for unusual queries, excessive downloads, access outside a user’s role, and suspicious use of admin tools. Common controls include least privilege, data segmentation, separation of duties, strong audit logs, and alerting on abnormal behavior. Insider threats can be malicious, such as espionage or fraud, or accidental, such as careless sharing or misconfiguration.