Among 874 security incidents reported by companies to the Ponemon Institute for its 2016 Cost of Data Breach Study, 568 were caused by employee or contractor negligence and 191 were caused by malicious employees and criminals. Battling the insider threat is a focus today for all organizations.

We’ve created a categorized list of insider threat detection tools and resources to help you learn more and take action.


Groups with a dedicated or significant focus on insider threat research, detection, and prevention.

  1. CERT Insider Threat Center
  2. National Insider Threat Special Interest Group (NITSIG)
  3. Center for Internet Security


News and best practices from experts and vendors in the insider threat detection space.

  1. SEI Insider Threat Blog
  2. IT Security Central
  3. Dark Reading
  4. Ahead of the Threat
  5. The Insider Threat Man
  6. The Trusted and Valued Insider (Threat)
  7. Netwrix
  8. ObserveIT
  9. STEALTHbits
  10. Digital Guardian


Background and detailed advice to help you develop an insider threat program.

  1. Insider Threat Program: Your 90-Day Plan
  2. Insider Threat Prevention Complete Self-Assessment Guide
  3. Insider Threat: Prevention, Detection, Mitigation, and Deterrence
  4. Insider Threats (Cornell Studies in Security Affairs)
  5. Insider Threat: A Guide to Understanding, Detecting, and Defending Against the Enemy from Within


Detailed documentation on hundreds of insider threat cases.

  1. CERT Insider Threat Center Database


We recently published a big list of cyber security conferences in 2018. Here are some conferences that focus solely on insider threat detection or include sessions on it.

  1. RSA Conference 2018
  2. SANS Security Awareness Summit 2018
  3. CyberThreat Summit 2018
  4. SecurIT 2018
  5. Insider Threat Summit 2018

Industry/Sector-Specific Insider Threat Information

Information and resources about insider threats in various industries.

  1. National Council of Information Sharing and Analysis Centers (ISACs)
  2. Government: Implementing an Effective Insider Threat Program
  3. Government: How to Build an Effective Insider Threat Program to Comply With the New NISPOM Mandate
  4. Finance: Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector
  5. Infrastructure: Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
  6. Healthcare: Healthcare Case Study: Beating Cybercrime, Nation-states & Insider Threats
  7. Healthcare: Protenus Breach Barometer

Threat Reports/Surveys

Recent research findings regarding the extent of insider threats.

  1. 2017 Verizon Data Breach Investigations Report (DBIR)
  2. Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey
  3. 2018 Insider Threat Report
  4. Privileged User Abuse & The Insider Threat
  5. Inside Job: The Sequel – The 2017 Federal Insider Threat Report
  6. 2017 IBM X-Force Threat Intelligence Index
  7. 2017 Protenus Breach Barometer Report

Insider Threat Tools

Collections of resources to help you battle insider threats.

  1. Insider Threat Toolkit, Center for Development of Security Excellence
  2. CERT Insider Threat Test Datasets

Training: Employee Security Awareness

Training resources aimed at educating the end user to prevent negligent insider attacks.

  1. SANS Security Awareness Training Solution
  2. 2017 Security Awareness Report
  3. Security Awareness Computer-Based Training Reviews
  4. Top 9 Free Phishing Simulators

Training: Insider Threat Hunters

Training resources aimed at educating the IT professional to detect and prevent insider threats.

  1. CERT Insider Threat Certificates and Training
  2. Cybersecurity Threats: Insider Threats
  3. CDSE Insider Threat Program Catalog
  4. NITTF Insider Threat Training
  5. SEI Building an Insider Threat Program

Vendors (Employee Monitoring Software)

Recent reviews of employee monitoring software packages that help detect and prevent insider threats.

  1. PCMag UK Review
  2. Capterra Review
  3. Review
  4. G2 Crowd Review


Techniques and best practices to develop an insider threat program, monitor for threats, and mitigate threats.

  1. CERT Top 10 List for Winning the Battle Against Insider Threats
  2. CERT Common Sense Guide to Mitigating Insider Threats
  3. Predictive Techniques to Catch Insider Threats Before they Become Criminals
  4. Keeping Up with the Joneses: How Does Your Insider Threat Program Stack Up?
  5. A Field Guide to Insider Threat Helps Manage the Risk
  6. What a Relief – It Works! How to Build an Insider Threat Program in 1 Year
  7. Taking Action Against the Insider Threat
  8. Analytic Approaches to Detect Insider Threats
  9. A Pattern for Increased Monitoring for Intellectual Property Theft by Departing Insiders
  10. Combating the Insider Threat
  11. Model-Driven Insider Threat Control Selection and Deployment
  12. Positive Incentives for Reducing Insider Threat
  13. An Insider Threat Indicator Ontology
  14. Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data

Insider Threat Detection