Insider Threat Probability Estimator
Estimates the annual probability of an insider threat incident using a weighted risk-factor model based on CERT Insider Threat research and organizational security metrics.
Formula
Step 1 – Raw Risk Score
rawScore = (privilegedRatio × 0.35)
+ (disgruntledPct × 0.30)
+ (turnoverPct × 0.15)
+ (historicalFactor × 0.20)
where:
privilegedRatio = privilegedUsers / totalEmployees
historicalFactor = min(1, pastIncidents / (employees / 100))
Step 2 – Control Mitigation Factor
controlScore = (DLP/2)×0.30 + (UEBA/2)×0.35 + (PAM/2)×0.25 + (Training/2)×0.10
mitigationFactor = 1 − (controlScore × 0.75)
Step 3 – Industry-Adjusted Score
adjustedScore = rawScore × mitigationFactor × industryMultiplier
Step 4 – Annual Probability (Poisson)
λ = adjustedScore × 2.5
P(at least one incident) = 1 − e^(−λ)
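The four steps above as one function, added here as an example (it is not the estimator's own code). Assumptions not stated on the page: disgruntledPct and turnoverPct are passed as fractions in [0, 1], each control is rated 0 to 2, "employees" in historicalFactor means totalEmployees, and industryMultiplier is supplied by the caller because the page lists no multiplier values.

```python
import math

# Weights and constants as given in Steps 1-4 of the page.
RISK_W = {"privileged": 0.35, "disgruntled": 0.30, "turnover": 0.15, "historical": 0.20}
CONTROL_W = {"DLP": 0.30, "UEBA": 0.35, "PAM": 0.25, "Training": 0.10}
MAX_MITIGATION = 0.75   # full controls remove at most 75% of the score
SCALE = 2.5             # Poisson calibration constant


def estimate(total_employees, privileged_users, disgruntled_pct, turnover_pct,
             past_incidents, controls, industry_multiplier=1.0):
    """Return every intermediate value of the four-step model.

    Assumptions (not stated on the page): percentages are fractions in [0, 1],
    control levels are 0-2, a missing control counts as 0.
    """
    if total_employees <= 0:
        raise ValueError("total_employees must be positive")
    if not 0 <= privileged_users <= total_employees:
        raise ValueError("privileged_users must be between 0 and total_employees")
    if past_incidents < 0 or industry_multiplier <= 0:
        raise ValueError("past_incidents must be >= 0 and industry_multiplier > 0")
    for name, value in (("disgruntled_pct", disgruntled_pct), ("turnover_pct", turnover_pct)):
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be a fraction in [0, 1]")

    # Step 1: raw risk score ("employees" assumed to mean total_employees)
    historical = min(1.0, past_incidents / (total_employees / 100))
    raw = (privileged_users / total_employees * RISK_W["privileged"]
           + disgruntled_pct * RISK_W["disgruntled"]
           + turnover_pct * RISK_W["turnover"]
           + historical * RISK_W["historical"])

    # Step 2: control mitigation factor
    control_score = 0.0
    for name, weight in CONTROL_W.items():
        level = controls.get(name, 0)
        if not 0 <= level <= 2:
            raise ValueError(f"{name} level must be in 0..2")
        control_score += (level / 2) * weight
    mitigation = 1 - control_score * MAX_MITIGATION

    # Steps 3 and 4: industry adjustment, then P(N >= 1) for N ~ Poisson(lam)
    adjusted = raw * mitigation * industry_multiplier
    lam = adjusted * SCALE
    return {"rawScore": raw, "controlScore": control_score,
            "mitigationFactor": mitigation, "adjustedScore": adjusted,
            "lambda": lam, "probability": -math.expm1(-lam)}  # = 1 - e^(-lam)
```

Returning the intermediate values makes it easy to see which input drives the result: with every control at level 2 the mitigation factor bottoms out at 0.25, so the raw score still sets the floor.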
Assumptions & References
- Weighting coefficients (privileged access 35%, disgruntled employees 30%, turnover 15%, historical incidents 20%) are derived from CERT Insider Threat Center research indicating these as primary predictive factors.
- Departing employees contribute approximately 30% of insider threat actors (CERT/CC Insider Threat Database, Carnegie Mellon SEI).
- Controls can reduce incident probability by up to 75% when fully deployed, consistent with NIST SP 800-53 and CISA Insider Threat Mitigation Guide effectiveness estimates.
- The Poisson distribution models rare, independent events over a fixed time period (one year), appropriate for insider incident modelling.
- The scaling constant (2.5) calibrates the model to Verizon DBIR base rates of 1–5% annual insider incident probability for average organisations.
- Industry multipliers are based on relative insider threat frequency reported in the 2023 Verizon DBIR and Ponemon Institute Cost of Insider Threats Global Report.
- This model is a risk estimation tool and does not replace a formal insider threat risk assessment or security audit.
- References: CERT Insider Threat Center (SEI/CMU); Verizon DBIR 2023; Ponemon Institute "Cost of Insider Threats" 2022; CISA Insider Threat Mitigation Guide; NIST SP 800-53 Rev 5.