Which category of insider threat involves individuals who unintentionally compromise security?

Negligent insiders represent individuals who inadvertently compromise security, often due to a lack of awareness or training regarding security protocols. This category encompasses mistakes such as accidentally sending sensitive data to the wrong recipient, failing to use encryption for sensitive information, or neglecting to update software, which can create vulnerabilities. Unlike malicious insiders, who intentionally exploit their access for personal gain, negligent insiders do not have any ill intent; their actions are typically the result of carelessness or insufficient knowledge about security practices.

While compromised insiders and authorized users are relevant categories in understanding insider threats, they do not specifically address the unintentional nature of the threat posed by negligent insiders. Compromised insiders refer to those whose accounts have been taken over by outside malicious actors. Authorized users are individuals with legitimate access to systems and data but do not indicate the intention or awareness related to their security practices. Therefore, negligent insiders best encapsulates those who unintentionally jeopardize security.