This document discusses the threat of compromised insiders in organizations. It defines a compromised insider as a person who unintentionally helps third parties gain access to their device or credentials. The document notes that while less than 1% of employees may be malicious, 100% have the potential to become compromised through malware or other means. It examines how easily malware can be distributed and how difficult it is for antivirus software to detect new threats. The document recommends organizations focus on data security rather than just endpoint protection to prevent data loss from compromised insiders.