Insider Risk Management Programs

In October 2024, the Australian Government issued an update to the Protective Security Policy Framework (PSPF). The release introduces critical changes, including a requirement for Insider Risk Management (IRM) across government entities that manage security-cleared personnel. For the first time, Australian agencies have a mandate to develop and implement formal Insider Risk Management programs aimed at countering the threats of foreign interference and espionage.

“An insider threat program is implemented by entities that manage Baseline to Positive Vetting security clearance subjects to manage the risk of insider threat in the entity.” (PSPF Release 2024 – Req. No. 51)

These requirements reflect the need to address the growing threat of insider incidents, which include:

  • Data exfiltration and leaks by trusted personnel;
  • Malicious insiders with access to classified information; and
  • Unintentional insider threats arising from poor cybersecurity practices and user error.

With the rising risks of espionage, cyber sabotage and unauthorised disclosures, these changes mark a significant shift in how Australian Government agencies should approach cybersecurity, with an increased focus on prevention, identification and collaboration to tackle insider threats.

Key Updates on Insider Risk Management in PSPF Release 2024

The October 2024 PSPF release introduces explicit requirements for Australian Government agencies, including:

Insider Risk Management

Under Requirement No. 51, any agency or entity that manages security-cleared personnel (from Baseline to Positive Vetting) must now have a formal insider threat program in place to monitor access and mitigate the risks posed by those with access to sensitive or classified information.

Why it Matters for Insider Risk Programs:

  • Individuals with security clearances often hold access to high-value systems and sensitive national data, making them potential targets for coercion or compromise, and a source of accidental risk.
  • Agencies must implement ongoing insider risk monitoring, not just one-time checks at the vetting stage.
  • Programs need to address both malicious insider activity and non-malicious indicators, such as behaviour changes, policy violations or personal stressors.

Everfox Insider Risk Solutions

How EverShield Can Help:

Everfox has experience supporting government agencies with national compliance frameworks globally, and works with organisations to deliver Insider Risk Management solutions that fit their business needs, including compliance with PSPF Release 2024 (October) Requirement No. 51. EverShield Insider Risk Solutions can support:

  • Continuous behavioural monitoring
  • Real-time alerts on policy-violating activity
  • Forensic investigation tools

Secure Access & Data Sharing Controls

The new framework introduces a stronger mandate for agencies to control the access, use and sharing of sensitive and classified information when it is accessed by individuals outside the organisation, placing increased emphasis on the restriction, oversight and auditability of sensitive data flows across inter-agency collaboration, external contractors and supply chain partners. (Req. No. 75)

Why it matters for Insider Risk Programs:

  • Agencies must be able to identify when data is accessed or shared, whether appropriately or inappropriately.
  • Real-time visibility into who is accessing what data, when and why is now essential to protecting national security information.
  • The ability to identify anomalous behaviour, enforce data loss prevention and flag or block risky transfers is a critical control.

Why Insider Risk Management is Critical in 2025 & Beyond

Insider threats: “30% of surveyed organizations within Government cite their main concern is the risk of an employee, contractor, or other trusted individual exploiting their authorized access to harm their organization.” – CYBER360 Report

Foreign espionage: through the PSPF, the Australian Government once again recognises foreign interference as a key driver for these enhanced security measures.

Fines & non-compliance risks: Australian agencies failing to comply with PSPF mandates could face operational or financial consequences.

Act Now to Stay PSPF Compliant

The PSPF Release 2024 introduced the need for Australian Government agencies to implement or strengthen Insider Risk Management (IRM) programs.

By putting the right tools, policies and partnerships in place, agencies can mitigate insider threats, protect national security and work towards compliance with the PSPF.

Everfox has extensive experience helping government agencies implement comprehensive Insider Risk Management (IRM) programs, having worked closely with government agencies globally on similar compliance initiatives such as U.S. Executive Order 13587 (EO 13587), signed in 2011 by then-President Obama to improve the security of classified networks and address insider threats within the U.S. Government.

Whether you need to build an Insider Risk Management program from scratch or enhance an existing framework, Everfox has the experience and tools necessary to help you meet the PSPF IRM requirements.


“One of the things that I didn’t emphasize enough are the capabilities to create very specific rules for detection. Specifically, the way that we can really narrow down to what an application is doing, to a user computer, or to a computer user group — it is so flexible and scalable.” - PO and SME, Cyber Investigations DevOps, Oil and Gas (Forrester Total Economic Impact™ Report of Everfox EverShield)


1 Australian PSPF Release October 2024 List of Requirements

2 Everfox CYBER360 Report

3 Executive Order 13587

4 Forrester TEI Report of Everfox EverShield