Richard Ford, Chief Technology Officer at Integrity360, discusses the nature of insider data risk and the unintended consequences of modern working environments.
Cybersecurity has long been focused on building walls, but the biggest threat is already inside.
Today, insider risk accounts for nearly half of all data breaches. This is not just about malicious actors.
It is about regular employees and trusted contractors who make simple, costly mistakes in complex environments. Remote and hybrid working has only intensified the problem.
With teams distributed and work happening across cloud platforms, SaaS applications and collaboration tools, it is harder than ever to maintain visibility over what is happening, let alone understand why.
The perimeter has shifted and, with it, the nature of risk. Access is no longer tied to location; it is tied to identity.
Organisations are increasingly embedding AI into everyday workflows. These tools promise efficiency and speed, but they also introduce new vulnerabilities.
Employees paste sensitive data into chatbots, move information between systems to meet deadlines or adopt unapproved tools to get work done faster. None of this is malicious, but all of it creates exposure.
Attackers have noticed. Increasingly, they are bypassing traditional technical defences and going straight to the source.
Whether through social engineering, phishing or coercion, the focus has shifted towards exploiting human behaviour.
In many cases, attackers do not need to break in if they can simply log in.
This is what makes insider risk so challenging: it does not always look like an attack; it looks like normal work.
A file shared at the wrong time, an account used in an unusual way, a system accessed from an unexpected location.
Traditional security tools were not designed for this level of nuance.
Tools such as data loss prevention can still play a role, but they often struggle in dynamic environments where behaviour changes constantly.
Static rules cannot keep pace with how people actually work.
At the same time, awareness programmes that rely on one-off training or simulated phishing exercises often fail to deliver lasting change.
In some cases, they create fatigue rather than resilience.
The problem is not that employees are careless. The problem is that the systems around them are not designed with human behaviour in mind.
To move forward, organisations need to rethink how they approach insider risk.
This starts with recognising that people are not just a source of risk but also a critical line of defence.
Human Risk Management (HRM) reflects this shift.
It is a behavioural approach to cybersecurity that focuses on how people interact with systems in real-world conditions.
Rather than relying solely on prevention, it emphasises detection and intervention at the point of risk.
This means monitoring user behaviour in context, identifying anomalies and responding in a way that supports the individual rather than penalising them.
For example, if an employee attempts to share sensitive data externally, the system can prompt them in real time, helping them make a better decision before the action is completed.
This approach recognises that mistakes will happen.
The goal is not to eliminate them entirely, but to reduce their impact and frequency.
However, technology alone is not enough. Culture plays an equally important role.
Organisations need to move away from a model where security is seen as a set of rules enforced by IT and toward one where it is understood as a shared responsibility.
Leadership has a critical role to play here.
When security is framed as an enabler of good business practice, rather than a blocker, employees are more likely to engage with it.
Success should be measured by improvement over time, not by how often people fail.
Training also needs to evolve. Generic awareness programmes are no longer sufficient.
Instead, organisations should focus on role-specific, scenario-based training that reflects the real decisions employees face in their day-to-day work.
A finance team will face different risks from a developer or a marketing team, and training should reflect that reality.
At the same time, organisations must acknowledge how work actually gets done.
Shadow IT is no longer a fringe issue. It is a by-product of digital transformation.
Employees will always find the quickest path to productivity, whether that involves using an AI tool, sharing files through an external platform or connecting systems in ways that were not originally intended.
Trying to block this behaviour outright is rarely effective.
Instead, security needs to adapt to it. That means providing secure, approved alternatives that meet the same needs and ensuring that visibility extends across all environments, not just those formally managed by IT.
This is where identity becomes central. In a world without a fixed perimeter, identity is the control point.
Organisations need to understand who has access to what, under which conditions and how that access is being used.
Reducing standing privileges, enforcing strong authentication and continuously monitoring access are all essential.
Behaviour adds another layer. If identity tells you who a user is, behaviour tells you whether what they are doing makes sense.
Together, they provide a far more complete picture of risk.
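As an added illustration of this identity-plus-behaviour view (example code written for this page, not Integrity360's product or the author's own), the snippet below scores a file-share attempt against who the user is (role and clearance) and how that user normally works (hours, locations, share volume), then picks a graduated response: allow, prompt the user in real time before the share completes, or hold it for review. The roles, baselines, thresholds and events are all constructed for illustration.

```python
from dataclasses import dataclass
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2}

@dataclass
class Baseline:
    usual_hours: range            # local hours this user normally works
    usual_countries: frozenset    # countries this user normally connects from
    external_shares_per_day: float

@dataclass
class Identity:
    role: str
    clearance: str                # highest sensitivity the role may share externally
    baseline: Baseline            # learned behavioural pattern (constructed here)

@dataclass
class ShareEvent:                 # one share attempt, captured before it completes
    hour: int
    country: str
    sensitivity: str
    external: bool
    external_shares_today: int

def assess(identity, event):
    """Identity says who; behaviour says whether this makes sense for that person.
    Returns (action, reasons), favouring a nudge over a hard block where possible."""
    b, reasons = identity.baseline, []
    over_clearance = SENSITIVITY[event.sensitivity] > SENSITIVITY[identity.clearance]
    if over_clearance:
        reasons.append("sensitivity above role clearance")
    if event.hour not in b.usual_hours:
        reasons.append("outside usual hours")
    if event.country not in b.usual_countries:
        reasons.append("unexpected location")
    if event.external and event.external_shares_today > 2 * b.external_shares_per_day:
        reasons.append("external share volume above baseline")
    if not event.external:
        return "allow", reasons            # internal share: keep the signals, add no friction
    if over_clearance or len(reasons) >= 2:
        return "hold_for_review", reasons  # hold the share and escalate to the security team
    if reasons:
        return "prompt_user", reasons      # real-time nudge before the action completes
    return "allow", reasons

# Constructed identity and events: routine work, a slip worth a nudge, a pattern worth a hold.
ALICE = Identity("finance-analyst", "internal",
                 Baseline(range(8, 19), frozenset({"IE", "GB"}), 1.0))
EVENTS = [ShareEvent(10, "IE", "internal", True, 1),
          ShareEvent(22, "IE", "internal", True, 1),
          ShareEvent(23, "BR", "confidential", True, 6)]
```

Run as `[assess(ALICE, e) for e in EVENTS]`; the second event earns only a prompt because one late-evening share is plausible work, while the third combines a clearance breach with several behavioural anomalies and is held.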
The organisations that are getting this right are those that treat identity as infrastructure and behaviour as a key data signal.
They invest in systems that can adapt to how people work, rather than forcing people to adapt to rigid security models.
This also requires a shift away from a purely preventative mindset: no system is perfect and no control will catch everything.
Resilience comes from the ability to detect and respond quickly when something goes wrong. That means having clear visibility across assets, users and access points.
It means understanding where sensitive data resides and how it moves through the organisation, and it means having the processes in place to act when abnormal behaviour is detected.
In the context of AI, this becomes even more important. AI is both a tool and a risk multiplier.
It can help organisations analyse behaviour at scale, identify patterns and respond more quickly to emerging threats.
It also introduces new ways for data to be exposed and new paths for attackers to exploit. Balancing these factors requires strong governance.
Organisations need clear policies around how AI tools are used, what data can be shared and how outputs are validated.
They also need to maintain human oversight, particularly in high-risk areas.
Ultimately, insider risk is not a problem that can be solved with a single tool or control; it is a reflection of how modern organisations operate: distributed, fast-moving and increasingly dependent on digital systems.
In that environment, cybersecurity cannot be about locking everything down; it has to be about enabling people to work safely and effectively.
That starts with a simple shift in mindset: instead of asking how to stop people making mistakes, organisations should ask how to help them make better decisions.
Because in a world where threats are increasingly internal and where AI is accelerating both risk and opportunity, the strongest defence is not just technology.
It is trust, supported by visibility, context and a clear understanding of human behaviour.
And that is where the future of cybersecurity will be defined.