Threat Domain / Category Index

Data and IP Exposure Use Cases

Data and IP exposure use cases involve trusted access to sensitive information that can be misused, mishandled, copied, retained, shared, or moved outside approved business purpose.

These scenarios often involve sensitive data stores, source code repositories, customer records, research and development information, trade secrets, regulated data, collaboration systems, cloud storage, removable media, screenshots, printing, messaging tools, or AI platforms.

A mature insider-risk program connects data visibility, access governance, monitoring, analysis, investigation, legal and privacy oversight, and executive reporting so that data-related exposure can be understood and reduced before it becomes a confirmed incident.

Aligned ITM Objects Board

These core Insider Threat Matrix™ objects are frequently observed in connection with this threat domain. Aligning monitoring controls to these objects ensures targeted coverage of preparation and infringement pathways. For complete framework definitions, refer to the Insider Threat Matrix™.

ITM IDObject NameTactical Context
ME024AccessUnauthorized access to sensitive repositories or databases forms the starting point for bulk copy and exfiltration attempts.
ME006Web AccessMonitoring outbound web access identifies anomalous data uploads to non-corporate personal drives or unapproved messaging services.
ME005Removable MediaUnregistered flash drives or external hardware write operations can clone core IP while evading cloud-based DLP filters.
ME011Screenshots and Screen RecordingUsing local capturing tools to grab screenshots of proprietary code or private spreadsheets to bypass clipboard restrictions.
ME014PrintingHigh-volume printing of product designs, patents, or customer lists, often occurring shortly before an employee resigns.
PR004File ExplorationAnomalous crawling of file servers or database directories, searching for high-value files outside of normal daily task duties.
PR016Data StagingGathering dispersed corporate documentation into localized staging folders to prepare for bulk copying or compression.
PR017Archive DataBundling files into compressed and password-protected archives (.zip, .tar) to bypass network inspections and accelerate egress.
IF010Exfiltration via EmailForwarding trade secrets, codebases, or customer directories to personal webmail addresses or external contacts.
IF001Exfiltration via Web ServiceDirectly uploading staged data to personal cloud systems (Google Drive, OneDrive) or public file-sharing platforms.
IF002Exfiltration via Physical MediumMoving staged files onto connected physical hardware, such as external SSDs, SD cards, or personal mobile phones.
IF018Sharing on AI Chatbot PlatformsSubmitting sensitive proprietary code or strategic company blueprints into public AI platforms for writing assistance.
IF034Exfiltration via Automated TranscriptionRecording proprietary presentations or strategy briefings via unapproved transcription software, sending transcripts to external servers.

Priority Use Cases in this Category (4)

Customer Data Misuse

A workforce member with customer-data access views, exports, screenshots, prints, or shares records without a business need or outside an approved purpose.

/customer-data-misuse/Explore use case detail

Data Exfiltration by Insiders

A user with legitimate access gathers sensitive files, stages them locally or remotely, and moves them through an approved channel used in an unapproved way, such as email, cloud storage, removable media, screenshots, messaging, or an AI platform history.

/data-exfiltration-by-insiders/Explore use case detail

Source Code Exfiltration

A developer or administrator uses authorized repository access to explore, download, archive, or transfer source code, secrets, or build artifacts outside normal development workflows.

/source-code-exfiltration/Explore use case detail

Trade Secret Theft

A departing, recruited, or financially motivated insider collects sensitive business, research, product, pricing, customer, or intellectual property materials and moves them outside approved channels.

/trade-secret-theft/Explore use case detail
Educational Reference NoteThis category index page is part of the ITMG® Insider Risk Body of Knowledge™. The Insider Threat Matrix™ is an open framework maintained by Forscie Limited. All rights reserved. For program implementation frameworks, metrics baselines, or proprietary assessment algorithms, please consult the Insider Risk Capability Framework™ (IRCF™) or schedule a Guided Exposure Assessment with ITMG®.