In addition to the considerable motive most organisations already have to address insider threats, many operate under industry regulations that either directly specify how such threats must be addressed or impose controls closely related to the issue.
Examples of these include:
Sarbanes-Oxley (SOX)
Passed by the US Congress in 2002, this federal law sets standards for the boards, management and external auditors of public companies. It bears on insider threats through its strict requirements for financial reporting and the internal controls behind it: the required reports must be accurate, unauthorised users must not be able to modify those reports or the records they are built from, and the internal controls over financial reporting must be defined and assessed at a granular level.
Payment Card Industry Data Security Standard (PCI DSS)
A set of requirements published by the PCI Security Standards Council, which was founded by the major payment card brands, PCI DSS applies to any organisation that stores, processes or transmits cardholder data. It is concerned with protecting that data and sets out specific IT security controls: firewalls segmenting the environment that holds cardholder data, password and authentication requirements (including removing vendor defaults), network and data access restricted to the individual users who need it, and logging and monitoring of all access to cardholder data.