Every organisation faces insider risks, but not all insider risks become threats. Employees can be careless in mishandling data or inadvertently exposing sensitive information. However, they can also be malicious — intentionally wanting to cause harm — or compromised, when their account credentials are stolen by cyber attackers. When does an insider risk turn into a true insider threat? The answer often lies in intent and behavior and an organisation’s ability to detect and mitigate incidents before they escalate.