There’s no getting around it, I am long in the tooth and have been dealing with individuals who break trust within their work environment for more than 30 years, both in government (where we called it counterespionage or counterintelligence) and in the private sector.
Today we call programs that help prevent or identify breaches of trust insider risk management (IRM). Over the years I have hypothesized that where such IRM programs reside within an organization will have a material impact on its focus and possibly its overall effectiveness.
In 2019, a CSO article raised the question “Insider risk management — who’s the boss?” and examined where the buck should stop in terms of taking responsibility for threats from within. Here we are four years later and the predicted growth of the role of an individual with a unique focus on the “insider threat” or “insider risk management” program hasn’t yet settled — it continues to evolve.