Malicious v. Unintentional - How to tell and does it matter?

With the expansion of insider risk tools and programatic advancement greater insight is being gained.  However, this has created a significant challenge, whether or not an insider is acting maliciously or if the threat was unintentional.  This can have a significant impact on how an insider risk program informs policy, process, technology, and training.  How is your organization making the distinction between malicious and unintentional insider threats?  Do you make the distinction?  If you do or do not, how does that impact incident response?

Jake DeWoskin
Director - Security Success Engineering