Which term describes unauthorized access to sensitive information by an individual?

The term that describes unauthorized access to sensitive information by an individual is best captured by the concept of an insider threat. This refers specifically to situations where individuals within an organization—such as employees, contractors, or business partners—manipulate their access to information systems to gain unauthorized access to sensitive data. These individuals typically have legitimate access, making detection and prevention particularly challenging.

Insider threats can manifest in various ways, such as data theft, sabotage, or unauthorized sharing of information, which distinguishes them from external threats that originate from outside the organization’s network. Understanding insider threats is critical in devising effective security policies and practices to strengthen an organization’s overall security posture.

In contrast, while breaches can involve unauthorized access, they do not exclusively imply insider involvement and may refer to external attacks as well. Exfiltration specifically pertains to the unauthorized transfer of data from an organization rather than the act of accessing it. Hacking generally denotes the act of breaking into a system, often associated with external attackers rather than insiders. Therefore, insider threat encapsulates the nuance of unauthorized access by someone who already has a legitimate foothold in the organization.