National Insider Threat Awareness Month Spotlights Rising Internal Risks in an AI-Driven Era
- Cyber Jack

- Sep 9
When cybersecurity leaders talk about “the enemy within,” they aren’t always describing a malicious saboteur. Sometimes the danger comes from a rushed fix, a forgotten password change, or a well-meaning employee improvising under pressure. That tension between human fallibility and malicious intent is at the center of this year’s National Insider Threat Awareness Month, as companies grapple with how to reduce risk without eroding trust.
From Human Error to Malicious Actors
Richard Copeland, CEO of Leaseweb USA, stressed that many incidents stem from ordinary decisions rather than premeditated betrayal. “Insider threats aren’t always some mastermind with a grudge — more often, it’s a coworker trying to fix something fast or a partner skipping a step to save time,” he said. For Leaseweb, the focus is on building a culture of trust and shared responsibility where security conversations happen daily, not just during annual training sessions.
Roger Brulotte, CEO of Leaseweb Canada, echoed that sentiment, emphasizing that the foundation of protection starts before a contract is even signed. “Not every insider threat is malicious — sometimes it’s just a well-meaning person making a decision that quietly opens the door to risk,” he said, adding that culture and continuous dialogue are what keep organizations resilient year-round.
AI Supercharges Insider Risks
While human error remains the most common trigger, artificial intelligence is reshaping the landscape. Steve Wilson, Chief AI and Product Officer at Exabeam, warned that insiders now have access to tools that can amplify their reach and stealth. “The danger from insider threats continues to grow in the modern cyber landscape, particularly as AI accelerates their speed, stealth, and sophistication,” he said. With most organizations still lacking behavioral analytics to detect AI-assisted intrusions, Wilson called for more proactive governance and real-time detection strategies.
Patrick Harding, Chief Architect at Ping Identity, raised another frontier: AI agents acting like insiders themselves. “The attack surface is expanding into new territory: AI agents can now act like internal users with their own access and behavior patterns,” he said, noting that distinguishing between human and bot activity is becoming critical.
The Cost of Carelessness
For others, the issue is not advanced AI but basic cyber hygiene. Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka, pointed to high-profile cases like Elon Musk’s X platform to underscore the risk of insiders gone rogue. “A malicious insider is a significant cybersecurity risk, as such individuals can steal intellectual property, exfiltrate confidential information, sabotage systems, or manipulate business operations for personal gain,” he said. His prescription: train employees to recognize red flags and take reporting seriously.
Joshua Roback, Principal Security Solution Architect at Swimlane, argued that identity and access controls remain the cornerstone of insider defense. “Unlike external adversaries, they don’t have to find a way in. They already have the keys,” he said. Strong identity access management, paired with behavioral analytics, can expose anomalies before they become catastrophic breaches.
Stress Testing Security from the Inside
Some leaders believe companies need to go beyond policy and detection by stress testing their systems against insider scenarios. Pete Luban, Field CISO at AttackIQ, said that simulating real-world insider attacks is the only way to ensure teams are prepared. “Insider Awareness Month serves as a reminder to security teams about the importance of simulating real-world insider attack scenarios to assess the effectiveness of their security controls and response protocols,” he explained, noting that shadow AI and poor cyber hygiene are compounding risks.
Forgotten Systems, Hidden Liabilities
Insider threats aren’t always dramatic breaches. Sometimes they’re quiet oversights that accumulate into vulnerabilities. John Xereas, CIO at Nightwing, said that the recent Salt Typhoon campaign highlighted how both insiders and outsiders exploit overlooked systems. “Something as simple as neglecting to patch a device, overlooking stale credentials, or leaving an end-of-life system connected to the network can provide the same foothold for an adversary,” he warned.
Craig Birch, Principal Technologist for Cayosoft, pointed to IT administrators as an underexamined source of insider risk. Quick fixes like disabling multi-factor authentication or misconfiguring encryption can leave thousands of devices exposed. “Everyday admin changes are a form of insider-driven risk, arising not from attackers, but from human error, pressure, or incomplete understanding of the impact of a configuration change,” he said.
Building a Culture of Vigilance
Across perspectives, one theme emerges: insider threats are as much cultural as they are technical. Training, trust, continuous monitoring, and simulated testing are becoming baseline requirements for enterprises navigating a workforce where humans, machines, and AI agents all share the same networks.
As Copeland of Leaseweb put it, “National Insider Threat Awareness Month might come once a year, but keeping our people, our partners, and our customers safe? That’s an all-day, every-day thing.”


