Feb 12, 2025

From Risk to Resilience: Insights from Australia’s Insider Risk Experts

The Australian Insider Risk Centre of Excellence (AIRCoE), one of three CoEs that combine to form the Five Eyes Insider Risk Practitioner Alliance, continues to set the benchmark for insider risk management in the region, and its latest masterclass was no exception. Hosted in Melbourne, the fourth edition of the AIRCoE program brought together over 20 participants and nine presenters, all dedicated to tackling the growing challenge of insider risk.

Against the backdrop of escalating geopolitical tensions and rapid technological disruption, insider risk management has never been more critical. The class was a powerful reflection of how the field is maturing, the community is expanding, and the urgency for executive engagement is rising. For those unable to attend, here are the key takeaways that every security and risk leader should consider when shaping their own insider risk programs.

Maturity: A Rapidly Advancing Discipline

The insider risk landscape in Australia is evolving at an impressive pace. The masterclass attracted participants ranging from seasoned executives and practitioners to analysts just beginning their journey. This mix underscored an encouraging trend—the capabilities within this field are deepening, and organizations are recognizing that insider risk is not a problem to be addressed reactively but a domain requiring dedicated expertise, structured processes, and continuous refinement.

Growth: From Training to Execution

A standout moment was hearing from a senior threat intelligence leader and an alumnus of the program. Two years after attending AIRCoE, they returned to share how they built and scaled an insider risk management program, securing executive alignment, refining governance, and successfully managing material risks. Their experience highlights a crucial lesson: investing in insider risk training pays dividends when organizations commit to turning insights into action.

Community: Insider Risk is a Team Sport

No organization can solve insider risk in isolation. The multi-disciplinary nature of the challenge—spanning security, HR, legal, and IT—demands a collaborative approach. Encouragingly, the insider risk ecosystem is strengthening. Alumni, experts, and practitioners engaged in networking sessions that provided unparalleled knowledge-sharing opportunities. AIRCoE’s soon-to-launch digital community portal will further accelerate this collaboration, offering a real-time platform for sharing best practices, developing risk indicators, and refining program strategies.

Executive Support: The Make-or-Break Factor

One resounding theme was the necessity of executive sponsorship. Insider risk leaders find themselves not only mitigating threats but also selling the importance of their programs internally. As one attendee put it, “More than half my job is to act as a salesperson internally.”

Executives need to understand the business value of insider risk management, and that requires security leaders to articulate risk in terms that resonate beyond technical metrics. A chief legal officer shared how early engagement with leadership helped insulate her insider risk team from potential conflicts and built trust across the organization. The consensus? Insider risk programs thrive when they are embedded in a culture of collaboration, supported by engaged champions across leadership.

Closing the Loop: From Education and Awareness to Policy and Programs

A key theme that emerged during the course was the importance of aligning cyber awareness training and organizational policies with insider risk management programs. One of the speakers provided a framework to help attendees understand the connection between leadership, action, observation, and education.

During the live indicator exercise using DTEX, participants were guided through the early stages of an insider incident and investigation. A key discussion centered on measuring and applying Acceptable Use Policies (AUP). Participants explored how insider risk management programs can assess and report risks within an organization, revealing that very few organizations measure AUP effectiveness, and none had established a feedback loop between policy, insider risk programs, and education and training.

This gap was highlighted by real-world examples where HR and legal teams struggled to take action or faced wrongful dismissal suits due to inconsistent policy enforcement. The discussion reinforced the need for unbiased, consistent, and mature responses to policy breaches, as well as cross-functional collaboration with key stakeholders.

The Risks are Real: Insider Threats Are Evolving

The threats discussed during the masterclass were stark and varied—ranging from state-sponsored espionage and financially motivated insiders to unintentional risks posed by well-meaning employees. What emerged clearly is that the line between internal and external threats is blurring. Sophisticated adversaries increasingly exploit insiders as entry points, making holistic detection and deterrence strategies more critical than ever.

Moving Forward: Where Organizations Must Focus

The insights from the latest AIRCoE masterclass reinforce the urgency for organizations to elevate insider risk from an operational concern to a board-level priority. Leaders should focus on:

  • Investing in maturity: Insider risk is not a checkbox exercise; it requires continuous refinement and commitment.
  • Fostering community engagement: Leverage the growing expertise within the field to strengthen your own program.
  • Securing executive alignment: Programs that resonate with leadership and align with business priorities are far more effective.
  • Understanding the evolving threat landscape: Recognizing that insider risks are increasing in complexity and sophistication will help security leaders stay ahead of emerging threats.

Insider risk management is no longer a niche discipline—it is a strategic imperative. As organizations navigate an increasingly volatile global landscape, those that proactively build and mature their insider risk programs will be best positioned to protect their critical assets, intellectual property, and reputational integrity.

The AIRCoE masterclass demonstrated that Australia’s insider risk community is gaining momentum, and for organizations still in the early stages, now is the time to act. The expertise, resources, and frameworks are there—the challenge is ensuring they are effectively deployed.

As a founding partner of the Five Eyes Insider Risk Practitioner Alliance, DTEX is committed to advancing insider risk management best practices for protective security and resilience across defense and critical infrastructure.

To learn more about our mission and how you can get involved, visit the FIRPA website or contact us for a threat briefing.
