A Cyber-Ark Software survey showed that 41 percent of the 400 IT professionals interviewed admitted to abusing passwords to sensitive data. As reported at ReadWrite Enterprise, this represented an 8 percent increase since last year's annual "Trust, Security and Passwords" survey. The article also stated:
According to the Cyber-Ark survey, 70% of organizations have controls to monitor privileged access, but 61% of respondents say they can circumvent these controls. The other 30% of organizations have no protection against admin abuses at all.
I doubt that the IT personnel who abuse passwords to go into areas of the company where they don't belong, like HR files, would consider themselves "malicious insiders," but chances are they are breaking the security policies that they would demand other company employees follow.
Security policies are vital for businesses these days, and if you don't have one, you should consider putting one together. However, a policy is worthless if it is not enforced or if some in the company think they are above the policy because of their job. The ReadWrite Enterprise article, via Trend Micro, offered some advice on how to monitor policy: