What is an 'Insider Threat' or 'Trusted Insider'?

What is an 'Insider Threat' or 'Trusted Insider'?


An insider threat, or trusted insider, is a security risk that originates from within Penske. It typically involves a current or former employee or contractor who has access to sensitive information or privileged accounts within the network, and who misuses this access.

Behaviours that may indicate an insider threat

Unusual working hours

  1. Unusual working hours without a good reason. They may not want to be around others in the office.
  2. Consistently work late

Hold a grudge

  1. Hold a grudge against their supervisor or Manager, the company, or colleagues
  2. Dissatisfied with their job/role
  3. Aggravated about lack of pay rise, missed a promotion

Seek information

  1. They may seek information outside of their normal role, such as financial details, Defence information, pricing, contractual details etc

Other factors

  1. Sudden financial need (such as an unexpected debt, health problems, family problems)
  2. Unexplained affluence. Have a new car or house that is unusual for their pay grade for example.
  3. Unusually disgruntled
  4. Have been given or they give extravagant gifts
  5. They ignore internal practices, processes, procedures

Reporting an Insider Threat

If you feel there is something suspicious about a work colleague's behaviour or circumstances, don't be afraid to report it. It is not the time to have a 'she'll be right' attitude, or be concerned about 'dobbing in a mate'. Many of the above factors don't necessarily lead to an insider threat, but consistent or multiple behaviours may indicate one. Whilst every report may not warrant investigation, a trend of numerous reports over a period of time may indicate an issue. So every report helps.

To report a suspected insider threat, use the Report an Insider Threat form. Rest assured, your name will not be provided to the person if an investigation is launched.

    • Related Articles

    • How to report a security incident, risk or threat

      To report a security incident, risk or threat, use the STIG portal at https://stig.penske.com.au and add a ticket using the most relevant layout option from the dropdown on the add ticket form.

    • Penske Cyber Security Strategy 2023-2025

      Please find attached Cyber Secuity Strategy document for Penske Australia & New Zealand for 2023-2025.

    • Overview of Penske's Information Security

      The attached document was created as an overview of Penske Australia & New Zealand's Information Security (InfoSec/Cyber Security) that can be provided to external parties as needed, such as during tenders and contract negotiations, or to provide a ...

    • Handling classified information summary table

      Please consult the attached Classification Summary table to provide guidance on how to handle different levels of official documents from the Australian Government including Department of Defence.