Trust and Citizenship: The Insider Threat

Can they be trusted?

In less than a year the General Data Protection Regulation (GDPR) will become law across the EU. Many commercial and public sector organisations have been spooked by the impending regulation with its associated, draconian, sanctions. There’s much talk of achieving GDPR compliance. But one of the most common reasons for data breaches or data sabotage is insider behaviour. Some employees – people who should be trusted – simply aren’t trust-worthy. It’s a major problem. No business can avoid data breaches when insiders seek to wreck. 

There are emerging technology solutions – such as blockchain – that effectively reduce the opportunity for humans/insiders to create havoc. We’ll be discussing blockchain, and trust, at our upcoming masterclass in October.  But, in the meantime, existing processes and governance are still vulnerable to insider threat. 

In this guest post Dr Charis Rice and Prof. Rosalind Searle from Coventry University outline some work that they are undertaking that looks at counterproductive work behaviour – behaviour that could result in revenge, data disruption or even systems destruction.  

It is now widely recognised that trust is a good thing for organisations. Being able to trust employees to do their work helps managers run their organisations efficiently. Employees who trust their organisation and their leaders are not only more likely to work hard, but to go beyond the objectives of their role, to exhibit ‘citizenship behaviour’.

But trust, to a large extent, is derived from the past, a bit like driving by looking in a rear view mirror, which is fine as long as the road remains the same. So what happens when an organisation faces things for the first time, such as having to make redundancies? For employees, periods of change can be important crucibles for trust and distrust. Change disconnects people from their previous employment roles and disrupts their psychological attachment to the organisation. It alters their relationships with close colleagues through whom their organisational identity is nested. More insidiously, the way change is managed can expose inequalities and inconsistencies leaving those affected feeling less committed. Suddenly previously model employees can become distrustful.

Transformations can create the emergence of internal threats to organisations, as longstanding employees become disgruntled, angry and sufficiently disengaged to behave in counterproductive ways as a form of redress, or worse, revenge. These can include small scale indiscretions such as time wasting, through to extremes of insider threat such as destroying systems or divulging confidential information to malicious others; they must therefore be considered within a broader context of threat to wider publics and national security.  So what exactly triggers insider threat, how is this linked to (dis)trust, and how can organisations stay secure during times of change? This is the topic of our new project, Assessing and mitigating the impact of organisational change on counterproductive work behaviour: An operational (dis)trust based framework.

Our project, funded by the Centre for Research and Evidence on Security Threats, seeks to build on our existing evidence base to produce a (dis)trust based framework for predicting, identifying and mitigating counterproductive working behaviours (CWBs) and insider threat within an organisational change context. In particular, we want to know:

  1. What impacts are produced by organisational changes in relation to counterproductive working behaviours and insider malicious acts?
  2. What role does (dis)trust within an organisational change context play in CWBs?
  3. What preventative measures can be taken by organisations to help mitigate the threat of counterproductive working behaviours and insider threats in organisational change initiatives?

We hope to provide organisations with better understanding of how insider threat develops not just from the recruitment of deviant or malicious individuals, but also from otherwise benevolent employees during periods of change. Our recent work analysing individuals’ cognitions and emotions in a number of organisations reveals the distinct individual, social and contextual triggers that enable some employees to remain engaged, loyal and trusting, while others become disengaged, distrusting and behave in deviant ways. In this project, we propose to test, refine and operationalise our framework through new primary data – critical incident interviews, employee surveys and analysis of HR documentation – with a security critical organisation undergoing considerable change. We will develop timelines of trigger incidents for three real life insider threat cases, allowing testing and refinement to our (dis)trust framework. The framework examines the dynamics of trust and distrust, to show how far it is a defining major event, or an accumulation of minor events that has the greatest impact on insider threat.

We hope to deliver a proactive identification model in the form of a practitioner toolkit which distinguishes between individual, social and organisational inputs, processes and outputs of insider threat, and which enables tailored mitigation strategies for organisations to innovate and change in a secure environment. More widely, a key outcome will be a solid evidence-base for policy makers to incorporate into security policies, and for academics to build further comparative studies with the goal of better tackling and ultimately reducing insider acts.

Dr Charis Rice and Prof Rosalind Searle and are based at the Centre for Trust, Peace and Social Relations at Coventry University. This project is funded by the Centre for Research and Evidence on Security Threats. More information can be found here.

Tweet about this on TwitterShare on LinkedInShare on FacebookEmail this to someone

About the Author

Jeffrey Peel
Editor, Citizen20Series and MD, Quadriga Consulting.I am responsible for all site content and have overall responsibility for site editorial, as well as site membership.