Departing employees are a known leak risk and we can't see it happening
After a high-profile case where a departing executive took customer data to a competitor, the CISO needs visibility into the warning signs in the weeks before someone leaves. Microsoft Purview's insider risk capability would catch the signals, but the team has never deployed it; HR and Security don't currently share information about who is joining, moving, or leaving.
Trigger — Recent leak; board attention; HR and Security don't talk.
Good outcome — When HR flags that someone is leaving, the insider risk tools quietly watch for the warning signs — unusual downloads, copying to personal drives, sharing with outside addresses. HR, Security, and Legal review the signals together each week.