Resilience through awareness: Rethinking insider threats

When people think of cyber threats, they often picture hostile hackers. However, some of the most serious risks come from inside the organisation itself. Known as insider threats, they’re one of today’s most pressing security challenges. According to Cybersecurity Insiders, 83% of organisations experienced at least one insider attack in the past year, while Verizon research indicates 29% of breaches for EMEA organisations originate from the inside.

As I explained in a recent discussion, insider threats aren’t just about IT systems – they’re security risks that originate from within an organisation. That’s why security and risk mitigation must be top of mind both inside and outside of work, as well as a keen awareness into the tools and solutions that make it possible.

Insider threats generally fall into three categories:

And it’s not just employees: contractors, partners, or anyone with access to systems can become an insider threat.

Insider threats are a challenge for everyone

It’s easy to think of insider threats as just an IT problem. However, line managers and leadership teams play a critical role in prevention by setting the tone for responsible digital practices. By treating security as everyone’s responsibility, organisations can take the first, crucial step toward creating meaningful resilience.

Changing attitudes towards security

Security isn’t something that starts and ends at the office door. As Fujitsu experts often remind us, the most powerful defence layer is people. That means fostering a culture where employees view cybersecurity as part of daily life – from spotting phishing attempts at work to enabling security features on personal devices at home. When security awareness becomes second nature, organisations are better protected.

Informed people and proper tools are the real defence layer

From multi-factor authentication and passkeys to secure password managers, modern tools are essential for adding vital layers of defence. Despite this, no tool is foolproof, and a careless click on a phishing email can sometimes bypass even the most advanced systems. This is why the strongest safeguard for any organisation will always be informed, vigilant people – supported by the right tools.

The future of UK defence is a whole-society approach

The UK Government’s Strategic Defence Review 2025 calls for a whole-of-society approach to security, recognising that defence is not just the domain of specialists. Businesses, government and individuals must work together to build national resilience in the face of today’s shifting threat environment. At Fujitsu, we share this vision, empowering organisations and their people to take proactive steps against insider risk.