As insider risk continues to evolve, security professionals need contemporary frameworks, practical tools, and a collaborative community to stay ahead. This is the purpose of the Australian Insider Risk Masterclass, held in Sydney from Wednesday 25 to Friday 27 February 2026.
Led by Australia’s foremost insider risk specialists and international experts, this 2.5-day program remains the country’s premier development opportunity for practitioners looking to build capability, confidence and collaboration. More than a theoretical deep dive, the Masterclass provides a practical toolkit participants can immediately apply within their organization.
Delivered through the Australian Insider Risk Centre of Excellence (AIRCoE) — a collaboration between the Australian Cyber Collaboration Centre (Aus3C) and founding partners DTEX, McGrathNicol and MITRE — the program continues to advance Australia’s national insider risk maturity. This year’s Masterclass marked another significant step in the growth and evolution of the field.
From the discussions and exercises, several key themes emerged that will influence insider risk programs in the year ahead:
1. AI: the new insider risk frontier
One of the most urgent and resonant themes was the role of artificial intelligence in insider risk.
Of the 21 attendees, only three reported that AI is currently included in their program’s remit. This gap became more pronounced during discussion of the latest Ponemon Cost of Insider Risks Global Report and its framework illustrating the interaction between human and AI-driven risks.

During the live indicator exercise using the DTEX Platform, participants confronted real examples of:
- non-malicious AI use (e.g., productivity shortcuts with sensitive data), and
- potentially malicious behavior (e.g., code uploads to generative AI models).
The core lesson was unmistakable: AI adoption is outpacing governance, and insider risk programs are uniquely placed to provide visibility, policy alignment and education.
With generative AI rapidly proliferating across business functions, insider risk practitioners must now build methodologies to detect, deter and manage risks created or amplified by AI tools.
2. Embedding empathy in security culture
A standout session from Min Livanidis, Aus3C board member and former head of NBN Co’s Trusted Insider Program, prompted a paradigm shift in thinking. Her message: an effective insider risk program must be grounded in empathy.
For some organizations, this requires reframing entrenched security behaviors. Participants explored how language (terms like “threat”, “incident”, “investigation”, “surveillance” or “misuse”) influences organizational trust and responses.
By prioritizing empathy, programs can:
- better understand user motivations
- reduce defensiveness
- encourage reporting
- support more balanced and contextual decision-making
- align with the program’s core mission: protecting both the organization and its people
The discussion challenged attendees to rethink how they communicate risk and engage employees in a way that reinforces a positive security culture.
3. Translating indicators into business impact
A hallmark of the Masterclass is the scenario-based indicator exercise, culminating in each team presenting their findings as if briefing an executive.
This year, participants were encouraged to use empathetic, business-aligned language, shifting away from technical jargon.
Examples included:
- describing Tor Browser usage in terms of reputational and compliance risk
- framing source code uploads to AI models as intellectual property exposure
- discussing user behavior patterns in the context of business disruption or insider stressors
The challenge (and learning opportunity) was to convert complex data into insights that executives can quickly understand and act on. This skill remains one of the most critical for insider risk professionals seeking sponsorship, resources, and alignment across business units.
4. Legal and HR at the insider risk management table
One of the most powerful dynamics of the week was the active involvement of representatives from legal and people & culture teams.
Their real-time contributions grounded discussions in:
- legislative obligations
- organizational culture
- policy enforcement challenges
- privacy and fairness considerations
Their presence reinforced a fundamental truth: insider risk cannot succeed as a siloed security initiative.
Early engagement with legal and HR:
- strengthens program governance
- prevents inconsistent policy enforcement
- reduces the likelihood of wrongful dismissal or procedural error
- builds trust and shared accountability
Attendees left with a renewed sense of the importance of cross-functional collaboration.
5. The critical role of physical security
While cyber often dominates discussions, several participants represented physical security functions and highlighted the breadth of risks insider programs must consider.
Physical risk considerations included:
- unauthorized access to restricted areas
- theft or manipulation of physical assets
- bypassing facilities controls
- security fatigue among frontline personnel
- the safety of employees when presented with internal and external threats
The message was clear: insider risk spans physical, personnel, cyber and information security.
Incorporating physical indicators into overall posture reporting ensures programs become a comprehensive and trusted source of truth for risk management and executive teams.
Where organizations must focus next
Across all sessions, five areas emerged as priorities:
- Integrating AI visibility and governance: Insider risk teams must lead the way in identifying, assessing and mitigating AI-related insider risks.
- Embedding empathy into program design and communication: This strengthens culture, encourages engagement and improves outcomes.
- Lifting executive engagement: Practitioners need to translate technical behavior into clear business risks.
- Formalizing cross-functional collaboration: Early and ongoing involvement of legal, HR, cyber, physical security and IT is essential.
- Building holistic risk assessment across physical and digital domains: A comprehensive view strengthens organizational resilience.
A community growing in momentum
The Masterclass again demonstrated that Australia’s insider risk community is expanding in depth, diversity and maturity.
For organizations still early in their insider risk journey, now is the time to act. The frameworks, expertise and support systems are available. The next step is committing to building programs that can protect people, assets and reputation in an increasingly complex threat environment.
To learn more about the Masterclass or for information on how to get involved in the growing community of insider risk practitioners, contact DTEX.