How Can Behavioural Science Help You Protect Your Business from Insider Threats?

How Can Behavioural Science Help You Protect Your Business from Insider Threats?

Behavioural science and insider threats

An insider is a person with legitimate access to your assets who uses that access to harm your organisation. This covers a huge range of activities, including theft, sabotage and data loss, and includes both accidental and deliberate acts. There is no single thing that makes a person commit an insider act. But behavioural science can give us some insights into why it happens and how you can protect your business from insider threats.

Is an insider a bad apple?

We know that there are some personality traits that represent a higher risk for someone becoming an insider. For example, a self-centred person with low empathy, like a narcissist or a psychopath, would be more likely to commit an insider act because they would be intent on achieving their own personal aims and indifferent to the negative impact on others.

At the other end of the spectrum, someone who is very highly committed to the organisation’s mission could also be risky. People who are over-invested in an organisation can be vulnerable to feeling betrayed if they perceive that they have been undervalued or let down by its behaviour. This perception could arise from an organisational shift of strategy or priority that leaves the individual feeling that they and their work have been marginalised.

The ‘bad apples’ model implies that your insider was a ticking time bomb from the outset, just waiting to go off. This explanation applies in some cases, of course. But there is no reason to think that someone with a risky personality trait will automatically commit an insider act. In fact, if managed well, people with such traits can be extremely beneficial to an organisation, and the vast majority will not go on to become insiders.

So, what other factors are contributing to insider risk?


We also know that the experiences a person goes through are crucial in shaping their insider behaviour. Insider acts can often be traced back to events in the person’s life. These can either be within the organisation (a job cut, a demotion, conflict with colleagues, etc.), or outside it (financial problems, health issues, relationship difficulties, etc.).

When a person is under stress, they are more likely to make mistakes – like sending the wrong email to the wrong recipient with the wrong attachment. These kinds of error can bring high reputational and financial costs. An accidental insider may also feel pushed into covering up their act to protect themselves, potentially worsening the damage.

Whatever the cause, stressful events and changes of circumstances may combine with a person’s personality traits to produce a difference in the way they think. This often leads to the development and deepening of a grievance against the organisation or specific people in it. Typically, it’s characterised by a feeling of injustice or having been wronged in some way.

In some cases, the potential insider’s resentments may also be manipulated by an external actor, such as a criminal group, competitor, or state actor with an interest in your organisation. Whatever their path to this point, the person is now motivated to do deliberate harm.

But, even then, this grievance may not be enough to produce an insider act. What elements of the equation are still missing?


Committing an insider act is a big psychological step. However angry they may feel at the organisation, an individual may shrink from the idea that they are a traitor, and that others might see them in this light. The insider therefore needs an excuse that licenses their behaviour and enables them to justify it to themselves. This might be unethical behaviour on the part of the organisation or the organisation’s failure to meet its stated commitments. At a more mundane level, people may feel they have an excuse to break the rules if they see senior people doing it or if they feel that the organisation makes it too hard to follow the rules.


Research tells us that insider acts are often initiated in response to some relatively minor but emotionally charged event that represents ‘the last straw’. This might be an unpleasant email from a colleague or a challenge to an expense claim. Such an incident on its own would not ordinarily be sufficient to result in a malicious act. However, taken with the person’s disposition, their previous experiences and their sense of grievance, it can unleash a powerful emotional response that drives the decision to act.

Is there always an excuse and a trigger?

In many cases, an insider act involves an excuse that takes away the barrier and a trigger that finally pushes the individual to act, but not always. It is equally possible to have:

  • An insider act that is enabled by an excuse but does not have a trigger.
  • A trigger that is so strong that the insider does not feel the need for an excuse.

How can Blacksmiths help you to reduce insider threat in your organisation?

Insider threat is a complex problem that requires a nuanced and multi-faceted solution. Blacksmiths’ team of insider security specialists can help you to:

  • Identify and mitigate insider risks across the spectrum of factors involved
  • Reduce the chance of potential insiders joining your organisation or developing grievances that can contribute to their acts by advising on staff screening, vetting and management processes
  • Identify and monitor the data that might give you an early warning of insider threat
  • Avoid giving people the excuses and triggers that lead them to harm your organisation by applying behavioural science techniques from situational crime prevention
  • Strengthen your resilience to insider acts by making them harder and less rewarding to commit
  • Respond to an insider act effectively – some insiders always slip through the net. We can support you to minimise the damage, protect your reputation, and understand what happened so you can prevent it in future.

If you would like to know more, please contact us at