Least privilege is one of the core principles of security and strictly enforces access controls on users. The principle requires that users have only the limited, minimum access needed to accomplish their job functions. It also prevents users from accumulating unnecessary access privileges that they do not need for their job assignments.
Least privilege helps organizations minimize the impact of attacks that may happen due to compromised credentials. This applies to both insider and external threat actors. Usually, insider threats are more destructive than external attacks because, unlike external actors, insiders have clear know-how about the organization they are conspiring to attack. However, granting least privilege reduces the impact these disgruntled employees may have on the organization.
When external crackers are able to compromise the credentials of an employee with privileged access, the consequences of the attack will be more destructive than with a standard user's credentials. Administrative privileges granted to employees should be kept to the minimum possible and, even then, should be subject to periodic auditing and review.
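The periodic review described above can be automated as a comparison between what each user holds and what their job function needs. The following is an added example, not part of the original text; the permission names, the role map, the `admin:` prefix and the 90-day review interval are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (not from any real system): the permissions each job
# function needs, and what each user currently holds.
ROLE_NEEDS = {
    "helpdesk": {"ticket:read", "ticket:write", "user:reset_password"},
    "developer": {"repo:read", "repo:write", "ci:run"},
    "sysadmin": {"admin:servers", "ticket:read"},
}
USERS = [
    {"name": "alice", "role": "developer",
     "granted": {"repo:read", "repo:write", "ci:run"}, "admin_reviewed": None},
    # Moved from development to helpdesk; the old grants were never removed.
    {"name": "bob", "role": "helpdesk",
     "granted": {"ticket:read", "ticket:write", "user:reset_password",
                 "repo:write", "ci:run"}, "admin_reviewed": None},
    # Needs admin access, but the grant has not been reviewed recently.
    {"name": "carol", "role": "sysadmin",
     "granted": {"admin:servers", "ticket:read"},
     "admin_reviewed": date(2024, 1, 15)},
    # Holds an admin grant the role does not need, never reviewed.
    {"name": "dave", "role": "helpdesk",
     "granted": {"ticket:read", "admin:servers"}, "admin_reviewed": None},
]

def review_access(users, role_needs, today, max_age_days=90):
    """Return (user, finding, permissions) tuples for an access review."""
    findings = []
    for u in users:
        # Anything held beyond what the job function needs is excess.
        excess = u["granted"] - role_needs[u["role"]]
        if excess:
            findings.append((u["name"], "excess", sorted(excess)))
        # Admin grants the role does need still require a recent review.
        admin = {p for p in u["granted"] - excess if p.startswith("admin:")}
        last = u["admin_reviewed"]
        if admin and (last is None or (today - last).days > max_age_days):
            findings.append((u["name"], "review_overdue", sorted(admin)))
    return findings

if __name__ == "__main__":
    for finding in review_access(USERS, ROLE_NEEDS, today=date(2024, 6, 1)):
        print(finding)
```

Excess findings are candidates for revocation, while overdue findings mean a justified administrative grant needs to be re-approved by its owner.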