top of page

DTEX Systems Releases Groundbreaking 2022 Insider Risk Report

DTEX Systems, the Workforce Cyber Intelligence & Security CompanyTM, today announced the release of its 2022 Insider Risk Report. The report, based on real investigations and data collected by the DTEX Insider Intelligence and Investigations (i3) team throughout 2021, identifies a significant increase in industrial espionage incidents and the rise of the ‘Super Malicious Insider’ persona, and provides evidence that the abrupt shift to remote work has directly contributed to an escalation in psychosocial human behaviors that create organizational risk.

Key findings of the DTEX Systems 2022 Insider Risk Report include:

The ‘Super Malicious Insider’ accounted for 32% of malicious insider incidents investigated by DTEX i3 in 2021:

  • 72% year-over-year increase in actionable insider threat incidents;

  • 42% of actionable incidents were related to IP and data theft, including industrial espionage incidents related to the theft of trade secrets, source code, and active collusion with a foreign nexus;

  • 75% of insider threat criminal prosecutions were the result of remote workers;

  • 56% of organizations had an insider data theft incident resulting from employees leaving or joining companies;

  • +200% year-over-year increase in data loss associated with users taking screenshots during confidential Zoom and Microsoft Teams meetings; and

  • +300% year-over-year increase in employees utilizing corporate assets for non-work activities.

For more than a decade, insider threats have been categorized as either malicious, negligent or compromised. Based on the findings of the DTEX i3 team, a fourth persona has emerged—the Super Malicious Insider. The Super Malicious Insider is a technically proficient employee who is acutely aware of an organization’s cyber security architecture, solutions, and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators. Investigations performed by the DTEX i3 team found a dramatic increase (32%) in the use of sophisticated insider techniques across the insider incidents they studied, including a 43% increase in the usage of burner email accounts, a noticeable increase in the use of OSINT practices to conceal identity, and the active avoidance (96%) of techniques known in the MITRE ATT&CK framework.

“If any company thinks they don’t have an insider risk problem, they aren’t looking,” said Rajan Koo, Chief Customer Officer and DTEX i3Lead with DTEX Systems. “The addition of the super malicious persona in this year’s report provides a wake-up call that traditional cyber security tools, such as DLP, UBA, and UAM, are actively being avoided or circumvented by those with sufficient technical skill and malicious intent.”

The findings and insights detailed within this report are drawn from thousands of incidents and hundreds of insider risk assessments conducted alongside DTEX customers and prospective customers around the world, spanning a wide variety of countries, industries, and organizational sizes.

“While the increase in the amount and impact of insider risk occurred across industries, we found that it is most concentrated in technology and critical infrastructure at 33% and 24%, respectively,” said Armaan Mahbod, Director of Security and Business Intelligence, Counter-Insider Threat at DTEX. “The risk to critical infrastructure entities in the Five Eyes nations is especially significant as any compromise can be damaging to the national security of these countries and the safety and well-being of its citizens.”

To download the full 2022 Insider Risk Intelligence & Investigations Report, please visit:



bottom of page