search menu icon-carat-right cmu-wordmark

Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector

July 2012 Special Report
Adam Cummings, Todd Lewellen, David McIntire, Andrew P. Moore, Randall F. Trzeciak

In this report, the authors describe insights and risk indicators of malicious insider activity in the banking and finance sector.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


This report describes a new insider threat study funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) in collaboration with the U.S. Secret Service (USSS) and the CERT Insider Threat Center, part of Carnegie Mellon University’s Software Engineering Institute. Researchers extracted technical and behavioral patterns from 67 insider and 13 external fraud cases; all 80 cases occurred between 2005 and the present. Using this information, we developed insights and risk indicators of malicious insider activity within the banking and finance sector. This information is intended to help private industry, government, and law enforcement more effectively prevent, deter, detect, investigate, and manage insider threats in this sector.