Insider threat management in Australia

While Australia’s professional environment continues to evolve, people, wherever and however they work, still drive organisational performance. An insider incident occurs when changing circumstances, stresses, and motivations cause an employee or third-party to intentionally or unintentionally compromise organisational assets. Such compromises can cause irreparable damage to brand, reputation, and public confidence, and in cases of government institutions or critical infrastructure providers, can threaten national security and public safety.

Most Australian organisations are only starting to consider the risks posed by trusted insiders. While awareness of insider threats is increasing at the executive level, many organisations still take a narrow view of this multifaceted and people-centric problem set. Recent legislation and regulatory guidance, including the Security of Critical Infrastructure Act 2018 (SOCI), has helped to raise the profile of the insider threat. For many organisations, however, the journey to understanding and successfully mitigating insider threats is only beginning.

This report details the findings from Deloitte Australia’s inaugural Insider Threat Survey. Through this survey, Deloitte collected data from Australian risk leaders on their perceptions of insider threats and their organisations’ associated personnel security controls.