I was reading about threat actors (bad guys who carry on cyber attacks) and the phrase “institutional knowledge” really popped… this relates to attacks done by insiders and very few people pay attention to them, even care about mitigating this very serious risk.
Anybody with an extensive knowledge of how your business works does not need much sophistication or super hacking skills Hollywood-style (most b.s. BTW), only needs to know enough like when Karen from Accounting leaves for a coffee break and forgets to lock her computer screen or if Bill from Sales has been sick for a week and left his password on a sticky note as he always does.
Food for thought…