Most organizations have several cyber solutions in place, including firewalls, network security appliances, and anti-virus solutions. Still, they cannot identify or measure insider risks. Employees’ unintentional, but damaging, actions are a serious vulnerability that none of the traditional tools can defend against. Common Identity Management tools cannot prevent a malicious insider with credentials from stealing anything as they lack the context. For example, they have sensitive data hosted on servers with access control rules, but they cannot quantify how it is affected by users’ poor cyber hygiene practices and non-adherence to Acceptable Use Policies. They also cannot track the effectiveness of their security controls and training.