Mar 24, 2026

Insider West 2026: What This Year’s Conversations Reveal About the Future of Insider Risk


I’m always excited to share the latest takeaways from my favorite annual security event, the Insider Risk Summit West that takes place in Monterey, CA. It’s now hosted and operated by Defense Strategies Institute (DSI Group), a well-known organizer of government, defense, and national security–focused conferences, and the conference never disappoints. It is the best place for valuable insights from industry leaders and an incredible opportunity to connect with this tight-knit community of experts.

This conference has always been a place where practitioners speak candidly about what’s actually working, and what isn’t, inside insider risk programs. Across keynotes, panels, and hallway conversations, one theme surfaced again and again: insider risk has entered a new phase. It’s no longer a niche security discipline or a problem reserved for rare, high‑impact incidents.

Insider West 2026 made it clear that insider risk is now central to enterprise safety and resilience, AI governance, and operational trust. Unlike prior years focused on program maturity or tooling gaps, this year’s conversations reflected a shared realization. The convergence of AI, workforce volatility, and distributed access models is forcing organizations to rethink long‑standing assumptions.  

If you didn’t attend the conference this year, or you did and would love a summary, below are my 6 takeaways that defined this year’s event.

Takeaway 1: insider risk is about business risk, not just cyber risk

One of the strongest shifts from prior years was how often insider risk was discussed in business terms, not technical ones. Speakers and attendees framed insider incidents around governance, accountability, and outcomes. Leaders are increasingly describing insider risk in terms of business impact (IP loss, regulatory exposure, operational disruption), not alerts and incidents.

“The board doesn’t care about malicious vs. non-malicious actors. They care about impact.” 

Insider risk programs are being pulled closer to executive oversight, legal, HR, and enterprise risk functions. The conversation has shifted from “How do we detect insiders?” to “How do we prevent avoidable damage without slowing the business?” 

This reflects a broader maturation of insider risk programs. Organizations are moving beyond proving that insider risk exists to demonstrating how it materially impacts the business and how it can be managed without slowing it down.

Takeaway 2: AI has permanently changed the insider risk equation 

If there was one topic that dominated Insider West 2026, it was AI. Not as a future concern, but as an active force reshaping insider behavior today. Attendees shared real‑world examples of how generative AI accelerates data movement, lowers the barrier to misuse, and blurs the line between negligence and intent.  

At the same time, AI is increasingly seen as essential to managing insider risk at scale, provided it’s applied responsibly. 

The consensus was straightforward. Human risk and AI risk can no longer be treated as separate domains. Organizations must account for how people and machines interact with sensitive data together.

Takeaway 3: behavioral context matters more than rules 

Another recurring theme was the growing recognition that static, one‑size‑fits‑all controls are no longer effective. I would argue that they never really were. 

“Risk is not an event. It’s a story.” 

Leaders emphasized that the same action can carry very different risk depending on who is doing it, when, and why. A download, a share, or an upload tells only part of the story without behavioral context.  

This year’s conversations reinforced a move away from binary thinking (allowed vs. blocked) toward a more nuanced understanding of intent, deviation, and risk progression, and the idea that intent cannot be inferred from actions alone. Insider risk is increasingly viewed as a spectrum, not an on/off switch. If you are applying controls equally, you have to rethink your methodology.

Takeaway 4: employee experience and risk reduction are linked 

There was growing agreement that heavy‑handed monitoring and blocking often create more risk, not less. Employees find workarounds. Shadow tools proliferate. Visibility drops precisely where risk increases. While some organizations are seeing pushback from employees, works councils, and regulators against invasive approaches, the most mature programs focus on trust by design, which means transparency, proportionality, and privacy‑aware data collection. Trust isn’t being treated as a “nice to have.” It’s increasingly recognized as a prerequisite for sustainable insider risk management. This will push teams to build more sustainable, defensible insider risk programs.

Takeaway 5: insider risk metrics are shifting from noise to outcomes 

Insider risk teams are being asked to demonstrate value in business terms, not security jargon, and several sessions challenged how insider risk programs measure success. Traditional metrics like alert volume, case counts, and policy violations are losing relevance. In their place, leaders should be asking more meaningful questions:

  • Did we prevent loss?
  • Are we able to intervene earlier than we used to?
  • Have we been able to reduce friction for low-risk users?

This shift reflects growing executive scrutiny. CISOs are being asked to demonstrate value in business outcomes, not operational activity. 

Takeaway 6: insider risk is a team sport  

Like in previous years, Insider West reinforced that effective programs require coordination across security, IT, HR, legal, privacy, and leadership. Insider risk cannot be owned by security alone. Siloed ownership is breaking down as insider incidents increasingly span technical, legal, and human dimensions. Organizations are formalizing cross‑functional workflows rather than relying on ad‑hoc escalation. Policies alone can’t keep up.

With big tech looking more like utility companies as they work to grow and secure their massive datacenters, maybe best practices tell us what is old is new again. Effective programs described at the event rely on tight coordination across teams. Formal workflows are replacing ad‑hoc escalation. Governance models are being clarified before incidents occur, not after. 

What insider risk programs must consider for the year ahead

Taken together, the conversations at Insider West 2026 point to a clear evolution in how organizations are approaching insider risk. 

Programs are becoming more adaptive, more behavior‑informed, and more closely aligned with how work actually happens, especially in an AI‑driven environment.  

AI will continue to raise the stakes but also create opportunities for smarter, more adaptive approaches. The organizations best positioned for the future will be those that: 

  • Treat insider risk as a business enabler, not a brake
  • Balance visibility with privacy
  • And design programs for how work actually happens 

There’s a growing recognition that preventing insider risk isn’t about watching people more closely; it’s about understanding behavior well enough to act proportionally and early. This is music to our ears here at DTEX.  

For CISOs and security leaders, the mandate is changing. Success will be defined not by how much activity is monitored, but by how effectively organizations protect what matters, without eroding trust or slowing innovation. 

Insider risk is no longer a side conversation. It’s a strategic discipline for a world where humans and machines work side by side. Stay safe, everyone!
