search menu icon-carat-right cmu-wordmark

Insider Threat Incident Analysis by Sector (Part 1 of 9)


This post has been shared 1 times.

Hello, I am Randy Trzeciak, Director of the CERT National Insider Threat Center (NITC). I would like to welcome you to the NITC blog series on insider threat incidents within various sectors. In this first post, I (1) describe the purpose of the series and highlight what you can expect to see during the series, and (2) review the NITC insider threat corpus, which is the foundation for our empirical research and analysis. Join us over this nine-part series as we explore in-depth specific issues pertaining to insider threat. We hope you will follow along, and we encourage you to provide feedback about other sectors that we should analyze.

Since 2001, the NITC has been collecting incidents committed by insiders, both with malicious and non-malicious (unintentional) intent, that cause harm to organizations. To date, we have collected over 2,000 incidents and have broken them into categories based on commonalities or how the incidents tend to evolve over time. These categories include Information Technology Sabotage, Theft of Information (Intellectual Property), Fraud, National Security Espionage, Workplace Violence, Unintentional Incidents, and Other Misuse (e.g., Privacy Violations and Miscellaneous Incidents). Analyzing insider incidents by organizational impact informs mitigation strategies for organizations. Information about the NITC insider incidents types can be found here.

While presenting at conferences, workshops, and training deliveries, people often ask NITC members questions about the uniqueness of insider incidents in particular sectors. These people hope to identify unique mitigation strategies they can implement in their insider risk/threat program. This blog series will address that hope by presenting a common analysis framework and identifying data to be considered for developing behavioral and technical risk indicators; characteristics of the insiders perpetrating the incidents; organization events, actions, and conditions that may have influenced insiders causing harm; detection methods; and organizational impact (e.g., financial, operational, and health and safety).

Our blog series will analyze and summarize insider incidents in the following sector-specific categories: Federal Government, State and Local Government, Financial Services, Healthcare, and Information Technology.

For more information about the CERT NITC, see We're eager to hear your thoughts, ideas, and suggestions for insider threat mitigation. If you have questions or want to learn about future data analysis efforts regarding our insider threat incident corpus or to suggest a topic for our future research or blog posts, please send an email to us at Stay tuned for the next post, which we discuss in depth our new structure for analyzing sector specific data, or subscribe to a feed of the Insider Threat blogs to be alerted when any new post is available.

Entries in the "Insider Threats Across Industry Sectors" series:

Get updates on our latest work.

Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.

Subscribe Get our RSS feed