What are insider threats?

Insider threats are individuals with legitimate access to the company’s network who use their access, whether maliciously or unintentionally, in a way that causes harm to the organization. Insider threats aren’t always employees. They can also be former employees, contractors or business partners who have access to company networks, systems or data. It's important to look at insider threats in addition to external threats, since many organizations focus on securing the perimeter but are often blind to the threats that walk through their front door every day.

Why are insider threats so dangerous?

Insider threats account for 60 percent of cyber attacks, and they are incredibly difficult to detect. In fact, most cases go unnoticed for months or years. Regardless of whether the insider is a malicious employee or a contractor whose credentials have been compromised, security teams need the ability to quickly and accurately detect, investigate and respond to these potentially damaging attacks.

How to respond to insider threats before they disrupt your business

The IBM QRadar® Security Intelligence Platform enables security analysts to rapidly detect, investigate and respond to insider threats before attackers are able to steal data, damage systems or disrupt business operations. Using advanced analytics and machine-learning algorithms, the solution can identify high-risk activities, prioritize the riskiest users, uncover compromised credentials and alert security teams to serious incidents.

As alerts are raised in QRadar, analysts can use cognitive intelligence to accelerate incident investigations by 60 times. When QRadar is integrated with complementary identity governance solutions, high-risk users’ accounts can be suspended automatically to contain a threat and block potential damage. With QRadar, security teams can respond to insider threats faster than ever before to better protect the organization’s critical assets.

Related offerings

QRadar UBA

Gain visibility into behavioral anomalies that may signal an active insider threat.


Intelligent security analytics for actionable insight into the most critical threats.

QRadar Advisor with Watson

Empower security analysts to drive consistent, context-rich investigations to reduce dwell times and increase analyst efficiency.

Related resources

SIEM and UEBA: Better together

See why organizations are pivoting between SIEM and UEBA for detection and response to insider threats.

IDC Lab Validation: QRadar User Behavior Analytics

IDC validates the key features and functionality of QRadar and QRadar User Behavior Analytics.

Watch the insider threat deep-dive webcast

Developing and maturing an insider threat program can be a complex endeavor. See how to quickly mature behavioral analysis with QRadar User Behavior Analytics.