
Insider risk management is your first line of defense

Four key actions to safeguard assets and ensure security

Insider risks are an escalating threat to Canadian organizations. They jeopardize mission-critical systems, intellectual property, and employee safety. The financial and reputational costs can be significant, with organizations spending an average of US$17.4 million annually on containment and response.[1] This figure is an average; the cost is generally higher for larger organizations in North America, particularly in the healthcare and IT sectors.

To address these risks, you need to implement organization-wide insider risk management: proactive and comprehensive strategies designed to detect and mitigate potential threats from within. Insider risk management strengthens detection and response controls, reducing risks from both malicious intent and accidental misuse of privileged access.

By the end of 2025, half of medium to large enterprises are expected to have formal insider risk management programs in place.[2] Will your organization be one of them?

In this article, we outline four key actions to implement effective insider risk management in your organization.

The current insider risk management landscape

Insider threat incidents come in many forms. Deloitte’s 2024–25 cross-industry survey reveals that 73% of organizations experienced at least one internal threat incident in the prior year.[3]

The most commonly reported insider threat incidents were:

  • Theft of personally identifiable information (76%)
  • Theft of intellectual property (59%)
  • Fraud (53%)
  • IT sabotage (35%)
  • Harassment and workplace violence (35%)
  • Foreign interference (24%)
  • Ideologically motivated violent extremism (12%)

To build a comprehensive insider risk management program, you need more than just reactive security measures. You need to develop a proactive, strategic posture across organizational layers for end-to-end protection.

It’s worth the effort. Insider risk management programs can provide tangible and intangible benefits including reduced risk exposure, enhanced internal and external trust, and a demonstrable return on investment (ROI).

Here’s how to get started.

Insider risk management is a team effort, requiring cross-functional alignment and collaboration to share best practices and enhance risk modelling. Getting all areas of your organization to work together is the first step.

Insider incidents caused by negligence far outnumber those caused by malicious actors. To reduce the risk of negligence, strengthen communications across the organization. For instance, organizations should create dedicated working groups and cross-functional committees that include human resources, IT, ethics and compliance, security, legal, change management, corporate communications, business operations, and finance.

According to our research, only 14% of Canadian organizations have dedicated working groups for insider threats, highlighting an urgent need for action.[4]

When seeking external advisory services, select those with industry experience who can address the full spectrum of insider risk challenges, from cyber threats and internal fraud to organizational culture and change management. Choose advisors with a comprehensive ecosystem of partnerships with technology firms to ensure cutting-edge detection capabilities.

By fostering ongoing communication and accountability across these teams, you can build a resilient framework to proactively identify and mitigate insider risks.

Quickly developing and implementing dedicated insider risk management policies is essential to keeping your organization safe. While the increasing volume of cyber threats has led many organizations to prioritize cybersecurity, physical security remains essential. Ensure comprehensive physical and cybersecurity policies cover all departments and promptly put them into practice.[5]


Your team needs clear guidelines on how to detect, address, and respond to insider threats to strengthen commitment across the organization.

While post-hire monitoring is essential, applying it inconsistently or incompletely can itself introduce further risk. To stay on top of monitoring, conduct periodic employee evaluations. Additionally, integrate tools like user and entity behaviour analytics (UEBA), which provide continuous monitoring of key indicators (e.g., privileged access and data usage patterns) to identify heightened risk throughout the employee lifecycle.

UEBA detects anomalies by analyzing user and entity behaviours after establishing a baseline of normal network activity. However, only 10% of organizations indicate optimal use of UEBA.[6] By integrating tools like UEBA, enhanced background screening, and sentiment analysis to align monitoring capabilities with validated indicators, your organization can detect and prevent insider risks.[7]
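To make the baseline-then-deviation idea behind UEBA concrete, here is an added illustration (not code from the article or from any UEBA product): it builds a per-user profile from constructed access-log lines (daily data volume, hours of activity, actions seen) and then scores a later day of events against that profile. The log format, user names, thresholds and the three indicators checked are all assumptions chosen for the example; a real deployment would draw on many more signals and tune thresholds to its own population.

```python
"""Minimal UEBA-style baseline and deviation scoring (added example, not from the article)."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed baseline: one week of "normal" activity for two users.
# Assumed line format: "<ISO timestamp> <user> <action> <bytes>"
BASELINE_LOG = """
2025-03-03T09:12:44 alice read 1200
2025-03-03T10:05:10 alice download 40000
2025-03-04T09:40:02 alice download 52000
2025-03-05T11:20:31 alice download 38000
2025-03-06T08:55:17 alice read 900
2025-03-06T14:02:50 alice download 45000
2025-03-07T10:30:00 alice download 50000
2025-03-03T13:01:05 bob read 2000
2025-03-04T13:15:42 bob download 8000
2025-03-05T14:50:11 bob download 9500
2025-03-06T13:30:09 bob download 7000
2025-03-07T15:10:33 bob download 8800
""".strip().splitlines()

# Constructed day to score: alice is far outside her profile, bob is normal,
# carol has no history at all.
OBSERVED_LOG = """
2025-03-10T02:14:09 alice download 900000
2025-03-10T02:20:41 alice share_external 600000
2025-03-10T13:20:12 bob download 9000
2025-03-10T09:00:00 carol read 500
""".strip().splitlines()


def parse(line):
    """Split one log line into (timestamp, user, action, bytes)."""
    ts, user, action, nbytes = line.split()
    return datetime.fromisoformat(ts), user, action, int(nbytes)


def build_baseline(lines):
    """Per-user profile: mean/stdev of daily byte totals, hours active, actions seen."""
    daily = defaultdict(lambda: defaultdict(int))   # user -> date -> bytes
    hours = defaultdict(set)                         # user -> {hour, ...}
    actions = defaultdict(set)                       # user -> {action, ...}
    for line in lines:
        ts, user, action, nbytes = parse(line)
        daily[user][ts.date()] += nbytes
        hours[user].add(ts.hour)
        actions[user].add(action)
    profiles = {}
    for user, per_day in daily.items():
        totals = list(per_day.values())
        profiles[user] = {
            "mean": statistics.mean(totals),
            "stdev": statistics.pstdev(totals) if len(totals) > 1 else 0.0,
            "hours": hours[user],
            "actions": actions[user],
        }
    return profiles


def score_day(profiles, lines, z_threshold=3.0):
    """Compare one day of events with the baseline; return {user: [finding, ...]}."""
    totals = defaultdict(int)
    events = defaultdict(list)
    for line in lines:
        ts, user, action, nbytes = parse(line)
        totals[user] += nbytes
        events[user].append((ts, action))

    findings = defaultdict(list)
    for user, total in totals.items():
        prof = profiles.get(user)
        if prof is None:
            findings[user].append("no baseline for user; review manually")
            continue
        # Indicator 1: daily volume far above the user's own history (z-score).
        spread = max(prof["stdev"], 1.0)            # floor avoids division by zero
        z = (total - prof["mean"]) / spread
        if z > z_threshold:
            findings[user].append(
                f"volume z-score {z:.1f} (daily total {total} vs mean {prof['mean']:.0f})")
        # Indicator 2: activity outside the user's usual hours (plus a 2h margin).
        lo, hi = min(prof["hours"]) - 2, max(prof["hours"]) + 2
        for ts, action in events[user]:
            if not lo <= ts.hour <= hi:
                findings[user].append(f"off-hours activity at {ts.isoformat()}")
            # Indicator 3: an action type never seen for this user before.
            if action not in prof["actions"]:
                findings[user].append(f"first-seen action '{action}' at {ts.isoformat()}")
    return dict(findings)


if __name__ == "__main__":
    for user, items in score_day(build_baseline(BASELINE_LOG), OBSERVED_LOG).items():
        print(user)
        for item in items:
            print("  -", item)
```

The point of the example is the shape of the logic rather than the numbers: every finding is relative to the individual's own baseline, so a volume that is routine for one role can be anomalous for another, and a user with no history is surfaced for review rather than silently scored as normal. The same structure extends to other indicators the article mentions, such as privileged-access use, by adding a profile field and a check.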

Enhanced monitoring to detect insider threats is only one part of the equation. In our survey, only 19% of respondents reported having a robust or target-state process for triage and escalation to manage responses to incidents related to insider threats.[8]

It’s essential to recognize that insider threats involve both psychological and behavioural factors. A holistic insider risk management approach should also analyze non-digital behaviours, such as in-person interactions and changes in employee habits.


While many organizations have systems for employees to report suspicious coworker behaviour, research on their success is limited. Canadian research indicates training and awareness efforts on what and how to report may improve overall reporting frequency, quality, and engagement.[9]


Although employees generally show a willingness and desire to report concerning coworker behaviour, they face various hurdles. These include structural, institutional, relational, social, and psychological barriers. Employees may also experience uncertainty about whether their reports will remain anonymous as part of internal reporting processes. In addition, there is often a lack of positive corporate incentives for employees to become more involved in identifying potential insider threats.[10]


Improving reporting relies on key actions:

  1. Consistently applying clear insider risk management policies across the organization
  2. Implementing ongoing training to equip employees to recognize and respond to potential threats
  3. Developing robust reporting programs and communicating their value
  4. Establishing institutional leadership that actively encourages reporting by offering incentives and fostering a security-conscious organizational culture

Take the first steps now

An effective insider risk management approach not only protects critical assets and aligns with national security imperatives, but also strengthens organizational resilience and reinforces internal trust.

Deloitte can help your organization unlock insider risk management ROI with a sourcing-first strategy to secure talent, trust, and transformation.

Connect with us to get started.

  1. Ponemon Institute and DTEX, 2025 Ponemon Cost of Insider Threats Global Report, 2025.
  2. Gartner, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal, 2023.
  3. Deloitte and the Canadian Insider Risk Management Centre of Excellence, Canadian Survey of Insider Risk Management (forthcoming).
  4. Deloitte and the Canadian Insider Risk Management Centre of Excellence, Canadian Survey of Insider Risk Management (forthcoming).
  5. Deloitte, “The Neglected Child: Physical Security,” 2025.
  6. Deloitte and the Canadian Insider Risk Management Centre of Excellence, Canadian Survey of Insider Risk Management (forthcoming).
  7. Munro, V., “Insider Threat Typology – an Analysis of Motivational and Behavioural Attributes Related to the Violent Extremist Insider Threat Type,” Counter-Insider Threat Research and Practice, 2025.
  8. Deloitte and the Canadian Insider Risk Management Centre of Excellence, Canadian Survey of Insider Risk Management (forthcoming).
  9. Munro, V., “Insider Threat Typology,” Counter-Insider Threat Research and Practice, 2025.
  10. Holden, H., Munro, V., Tsakiris, L., and Wilner, A., “‘The pull to do nothing would be strong’: limitations & opportunities in reporting insider threats,” Information Security Journal: A Global Perspective, 2024.
