The finding points to a shift in workplace fraud risk from external hacking alone to insider-enabled access, where criminals can enter corporate systems through legitimate credentials rather than breaking through technical defences. The issue is gaining urgency as businesses expand remote work, cloud platforms, contractor access and artificial intelligence tools, creating more routes through which staff accounts can be abused.
A workplace fraud survey of employees at large organisations found that 13% had either sold company login details to a former colleague or knew someone who had. The same proportion said selling access to company systems could be justified, while 75% considered it completely unjustified. The tolerance was markedly higher among senior staff: 32% of senior managers, 36% of directors and 43% of C-suite executives viewed such behaviour as justifiable. Among business owners, the figure rose to 81%.
That hierarchy of tolerance is significant because senior staff often hold broader access to finance systems, customer records, strategic files, internal communications and privileged administrative tools. Credentials belonging to executives or managers can therefore carry far greater value to fraudsters, ransomware groups and initial access brokers than ordinary user accounts.
The risk is no longer limited to a disgruntled employee stealing files before departure. Modern insider incidents include negligent staff exposing sensitive information, contractors misusing access, workers bypassing controls with unsanctioned software, and employees sharing credentials for payment or favour. Once a valid login is used, many security tools may treat the activity as normal, particularly if the attacker operates during business hours or through familiar applications.
Insider risk also carries a rising financial impact. Global organisations lost an average of $19.5m per business to insider risk events last year, with negligence, credential theft and malicious activity all contributing to the total. Malicious incidents accounted for 27% of losses, equal to about $4.7m, while negligent behaviour remained a major driver because it occurs frequently and is difficult to detect early.
The figures show why businesses are reassessing how they define trust inside the organisation. Traditional cybersecurity programmes have focused heavily on phishing, malware and perimeter defence. Insider-enabled fraud is harder to manage because the actor begins with authorised access, knowledge of internal processes and a plausible reason to touch sensitive systems.
The spread of remote work has complicated access governance. Employees now routinely connect through home networks, personal devices, collaboration tools and software-as-a-service platforms. Contractors and temporary staff may receive access quickly during onboarding but remain in systems after projects end. Former employees and colleagues can exploit weak offboarding processes, shared passwords or informal workplace relationships to obtain credentials that should have been revoked.
Artificial intelligence tools add another layer of exposure. Employees are increasingly pasting code, client files, meeting notes and corporate data into public AI systems, often without clear rules on what is permitted. This behaviour may not be malicious, but it can create data leakage and make insider risk harder to distinguish from ordinary productivity habits.
Security leaders are responding with stronger identity controls, behavioural analytics and tighter monitoring of privileged accounts. Multi-factor authentication remains essential, but it is not sufficient when users willingly share access, approve authentication prompts on someone else's behalf or hand over session details. Organisations are placing greater emphasis on least-privilege access, short-lived credentials, automated offboarding and alerts that detect unusual downloads, file movement or system access by authorised users.
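As an added illustration of the kind of alerting described above (example code written for this article, not taken from the survey or any vendor product), the script below correlates constructed access records with an HR leaving list and each user's normal download volume to flag three signals of credential misuse by otherwise authorised accounts. The users, networks, timestamps and thresholds are all assumed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: an HR leaving list, each user's normal daily
# download volume, and a handful of access-log records. None of it is real.
OFFBOARDED = {"j.smith": datetime(2024, 3, 1)}           # user -> last working day
BASELINE_MB = {"a.khan": 40, "j.smith": 30, "m.lee": 25}  # typical MB downloaded per day
EVENTS = [  # (timestamp, user, source network, action, megabytes)
    ("2024-03-04T09:02:00", "a.khan", "10.0.0.0/8", "login", 0),
    ("2024-03-04T09:10:00", "a.khan", "10.0.0.0/8", "download", 12),
    ("2024-03-04T09:15:00", "a.khan", "203.0.113.0/24", "login", 0),
    ("2024-03-04T09:20:00", "a.khan", "203.0.113.0/24", "download", 900),
    ("2024-03-04T11:00:00", "m.lee", "10.0.0.0/8", "download", 20),
    ("2024-03-05T22:40:00", "j.smith", "198.51.100.0/24", "login", 0),
]

def detect(events, offboarded, baseline_mb, window=timedelta(minutes=30), ratio=10):
    """Return a list of (rule, user, detail) findings. Each event looks
    routine on its own; the signals only appear when records are correlated."""
    findings = []
    logins = defaultdict(list)   # user -> [(timestamp, network)]
    daily_mb = defaultdict(int)  # (user, date) -> MB downloaded that day
    for raw_ts, user, net, action, mb in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        # 1. Activity on an account that should have been revoked at offboarding.
        if user in offboarded and ts > offboarded[user]:
            findings.append(("STALE_ACCESS", user, f"active {ts} after leaving {offboarded[user].date()}"))
        if action == "login":
            # 2. Same credentials used from two different networks inside the
            #    window: a common sign of a shared or sold login.
            for prev_ts, prev_net in logins[user]:
                if prev_net != net and ts - prev_ts <= window:
                    findings.append(("CONCURRENT_NETWORKS", user, f"{prev_net} then {net} within {window}"))
                    break
            logins[user].append((ts, net))
        elif action == "download":
            daily_mb[(user, ts.date())] += mb
    # 3. Daily download volume far above the user's own baseline.
    for (user, day), total in daily_mb.items():
        base = baseline_mb.get(user, 0)
        if total > ratio * base:
            findings.append(("BULK_DOWNLOAD", user, f"{total} MB on {day}, baseline {base} MB"))
    return findings

if __name__ == "__main__":
    for rule, user, detail in detect(EVENTS, OFFBOARDED, BASELINE_MB):
        print(f"{rule:20} {user:10} {detail}")
```

The offboarding check depends on the HR leaving list being fed to the detector promptly, which is exactly the automated offboarding the paragraph calls for.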
Culture is becoming as important as technology. The high level of tolerance among senior roles suggests that many organisations cannot rely on annual compliance training aimed only at junior staff. Fraud awareness, disciplinary clarity and executive accountability must apply across the hierarchy. Where leaders treat credential misuse as a minor breach, employees are less likely to view it as conduct that can enable financial crime or operational disruption.
Sectors handling sensitive customer data, payments, healthcare records, defence contracts and intellectual property face the greatest exposure. Financial services, technology, retail and public-sector suppliers are also attractive targets because a single trusted account can unlock payment systems, procurement portals, customer databases or cloud infrastructure.
Follow Arabian Post