SIFMA Issues Updated Insider Threat Best Practices Guide

New York, NY, February 14, 2018 – As part of the financial services industry’s deep commitment to improving cybersecurity, SIFMA today issued the second edition of its Insider Threat Best Practices Guide.  The Guide is designed to be a resource for financial firms as they advance their insider threat programs by identifying and discussing best practices and understanding the regulatory and legal framework that shapes the development and implementation of insider threat programs. Additionally, this document helps financial firms measure their insider threat program’s effectiveness and structure against industry benchmarks and risk management models.

“There is likely no greater threat to financial stability than a large-scale cyber event.  25 percent of all cyber incidents today are caused by malicious insiders or, unintentionally, by other employees or contractors.  The number of cyber threat incidents have increased substantially over the past ten years from hundreds to several thousand incidents annually,” said Tom Price, SIFMA managing director of Operations, Technology and BCP.  “Insider Threat Programs are an essential tool as firms leverage benchmarks, guidelines and best practices to build and evaluate the resiliency of their programs.  SIFMA’s updated Guide reflects the most recent changes to employment and privacy laws, so firms can maintain and improve compliance while monitoring insider behavior for potential risks.”

The Guide expands the definition of ‘insider’ to include both accidental and malicious insiders, and offers details on how firms are treating accidental insiders and looking at intent as a key differentiating factor between the two categories.  It also offers updates to relevant domestic and international laws governing privacy and employment and how those laws can limit the way firms monitor for potential risks of insider threats. The Guide also contains case studies of incidents in the financial services industry. Additionally, the new version of the Guide builds on benchmarking and survey work carried out by SIFMA member firms, incorporating statistics from an Insider Threat Roundtable Benchmark Survey.

Some of the suggested best practices outlined in the Guide include the establishment and enforcement of effective information security policies, including a firm-wide written information security plan and incident response plan.  The Guide also highlights effective uses of both technical tools and human intelligence to combat insider threats.  In addition, it includes policies which address insider threat risk as well as training programs for all personnel, incorporating appropriate employee onboarding and termination procedures into the insider threat program.  The Guide also encourages cross-organizational participation in insider threat programs, including personnel in Human Resources and Internal Audit.


SIFMA is the voice of the U.S. securities industry. We represent the broker-dealers, banks and asset managers whose nearly 1 million employees provide access to the capital markets, raising over $2.5 trillion for businesses and municipalities in the U.S., serving clients with over $18.5 trillion in assets and managing more than $67 trillion in assets for individual and institutional clients including mutual funds and retirement plans. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit