Left to chance, unless you happen to bump into someone leaving the building with a box full of documents, you might never catch an insider red-handed. That is where an insider risk team comes in group of employees from various departments who have created policies that create a system to notice if confidential items have left the building. The team should include the technical IT and Security teams, as well as non-technical stakeholders such as members of the C-suite, the legal counsel and human resources.”]
Source: https://www.csoonline.com/article/3173846/who-should-be-on-an-insider-risk-team.html