A definition of an Insider Threat in enterprises/organizations context is: "A current or former employee or business associate who has access to sensitive information or privileged accounts within the network of an organization, and who misuses this access."
I would like to know if such a threat can be generalized in a broader context so I can say that: "An Insider Threat refers to any user or entity that misuses the delegated access by taking the privilege that it is already authenticated and authorized to the system. The misuse of delegated access can be unintentional such as program flaws and failure, or intentional such as user account compromise."
Is my generalization of the term "Insider Threat" correct?
If it is not, what term is used to designate the type of threat that I defined in my generalization (2nd paragraph)?