The forensics team was called in. They started where most investigations start — the IT logs, the email trails, the VPN anomalies. Nothing obvious. This wasn’t a hacker. This was someone who understood the systems because they had built the systems. The breakthrough came from something entirely human. A competitor had placed a bid on a target acquisition that the company had been tracking privately for six months. The bid number — €347 million — was suspiciously close to the company’s internal ceiling of €351 million.

Close enough to win. Close enough to make anyone who knew that ceiling feel sick. Only eight people knew that number.

One of them had a son in private school, a mortgage underwater, and a lifestyle that didn’t quite match his salary — details that had always been rationalized away because he was good at his job and everyone liked him. This is the part that doesn’t make it into case studies: the moment you sit across from someone you trusted and watch the architecture of the lie collapse. There’s no drama. No confession at gunpoint. Just a grown man in a conference room, suddenly very quiet, staring at a printed spreadsheet that proves he was somewhere he said he wasn’t.

The company survived the breach. It lost one deal. It restructured its information access protocols. It hired counterintelligence professionals to map the blast radius. But the real loss? It took three years for the senior leadership team to trust each other again — fully, without that invisible asterisk. The lesson that professionals carry from stories like this isn’t about technology or encryption. It’s about the gap between access and trust.

We give people access because they’ve earned our confidence. But confidence and verification are not the same thing. They never were.

The mole inside isn’t always the outsider who got in. Sometimes it’s the insider who gets tired.

Note: This article was published for The SWAT Club — A networking platform for the counterintelligence community for private and public sector professionals.