What Is The Difference Between Data Loss Vs Data Leakage Vs Data Theft Vs Data Exfiltration?

Fictitious story

FinTech Solutions is a financial technology company that develops cutting-edge software for banking institutions. They have strict data security policies in place to protect sensitive customer information. However, they recently experienced a security incident involving one of their employees, Ben.

One morning, the IT team at FinTech Solutions noticed unusual network activity originating from Ben’s workstation.

Upon investigation, they discovered that Ben had been sending confidential financial transaction logs and customer account details to an email address outside the company’s domain.

As the investigation unfolds, it becomes clear that Ben has been secretly collecting and transmitting sensitive data for several weeks. He used his insider access to bypass security measures and extract data from the company’s databases without authorisation.

Can you guess what data risk type this is? Is it:

  • Data Loss?
  • Data Leakage?
  • Data Theft?
  • Data Exfiltration?

We often talk about data loss, data leakage, data theft and data exfiltration as if they are interchangeable. But, in fact, they are very different. What makes the difference is “intention”.

“Intention” is often defined as the purpose, aim, goal or objective behind carrying out an action or actions in the future. It involves mental activities such as planning, rehearsal and forethought.

The difference between malicious and unintentional insider incidents is that the former has “intent” to commit a malicious act, whereas the latter has no “intent”.

Data Loss

Data loss is the result of data being unintentionally or accidentally misplaced so that it is no longer accessible. Simply put, it is lost.

Here are some examples.

  • One of the easiest ways to suffer data loss is by accidentally deleting files without having any available backup.
  • The computer disk drives may be physically damaged. They eventually break down over time.
  • Power failures can ruin the effort and the time that you spent developing articles which were unfortunately not saved.
  • Water and fire damage on your expensive computers will definitely affect the electronics as well as the hard drive.

We often lose data simply because we don’t have a proper workflow or procedure for data restoration.

Data Leakage

Data leakage is the result of the unauthorised and unintentional transmission of data from within an organisation to an outside party. Be aware that data can be transferred electronically or physically.

Here are some examples.

  • Someone takes a report home and accidentally misplaces it on the bus/taxi/train/plane. The leak occurs if someone takes that report.
  • Sending an email with corporate information to the wrong recipient.
  • Posting sensitive corporate information onto social media or a public website with little security, making it possible for untrusted and unauthorised people to access the information.
  • Uploading work documents to unauthorised cloud storage to be able to access work from home.
  • Unauthorised removal of physical equipment such as tapes, disks, or machines so that they can be worked on by a third party. How often have you seen a second-hand disk drive with someone else’s content on it?
  • Storing sensitive information or programs on a laptop so that the employee has full control over it.

Data Theft

Data theft refers to the unauthorised or illicit act of intentionally stealing or taking sensitive, confidential, or proprietary data from its rightful owner or custodian. This type of cybercrime involves accessing, copying, or transferring data without permission, often with the intent to use it for personal gain, financial fraud, competitive advantage, espionage, or other malicious purposes.

Here are some examples:

  • Direct access: Unauthorised access to a computer system, database, or storage device to steal data directly from its source.
  • Data copying: Making unauthorised copies of files, documents, databases, or other digital assets containing sensitive information.
  • Data transfer: Illegally transferring data from one location to another, such as from a company’s network to an external device or server.
  • Data interception: Capturing data while it’s in transit, such as intercepting network communications or capturing data from unsecured wireless networks.
  • Data breach: Inadvertently or intentionally exposing sensitive data due to inadequate security measures, which can lead to data theft by a malicious actor.

Data Exfiltration

Data exfiltration is the result of the unauthorised but intentional copying, transfer or retrieval of data from within the organisation and taking it out. It is often referred to as “data theft”.

Data exfiltration is primarily a “data breach” in which the organisation’s data is illegally stolen. And the reason they steal it is usually for business advantage. They either take it with them to a new job, to start a new competing business or to take it to a foreign government or organisation.

Note, according to the insider threat division of CERT, nearly 75% of all data theft was carried out by insiders who had authorised access to the information.

Now that you know the difference between the data risk types, what is your answer for the data risk type in the story?

In this scenario, the threat can be identified as Data Exfiltration and Data Theft since Ben intentionally extracted and transmitted sensitive financial data outside the company’s secure environment for personal gain or other malicious motives.

But what is the difference between data theft and data exfiltration, I hear you ask?

  • Both data theft and data exfiltration involve unauthorised actions.
  • Both data theft and data exfiltration are intentional actions.

However, the term data theft is often used in a broader sense to describe any instance where data is stolen, regardless of whether it’s taken from within the organisation (insider threat) or from outside (external threat).

Data exfiltration, on the other hand, specifically highlights the method by which data is stolen. It refers to situations where data is not just stolen but is actively transferred or removed from the organisation’s internal systems or network to an external destination.

In this fictitious scenario, where an employee secretly collects and transmits sensitive data over a period of time and the extraction method is not explicitly mentioned, it’s more accurate to classify this as data theft.

  • Collection and transmission: The scenario mentions that the employee has been collecting and transmitting sensitive data for several weeks. This behaviour aligns more closely with data theft, where the focus is on the unauthorised acquisition of data rather than the movement of data outside the organisation.
  • Intent and duration: The fact that the employee has been engaging in this behaviour for an extended period suggests a concerted effort to gather confidential information for personal gain or other malicious purposes, which is characteristic of data theft.

What Can You Do Moving Forward?

As the saying goes, “Data by itself doesn’t leave the organisation by itself.”

It is essential that your organisation understands its information assets. Before you can move forward with the right strategy, you need to answer the following key questions.

  • What types of data are processed? Is it medical information, personally identifiable information, credit card numbers, inventory records, etc.?
  • What kind of devices process this data? Is it servers, workstations, laptops, mobile devices, etc.?
  • Where is the data stored, processed and transmitted? Single location, multiple locations, foreign countries?
  • How is this data being moved or transmitted? Does it involve only corporate channels, or can it be moved to non-corporate channels like USBs, personal emails, and cloud storage?
  • What are the critical processes and systems that support the data?
  • And who has access to these information assets? Should they have such access in the first place?

Answering these questions will help your organisation inventory your data and, importantly, develop the appropriate mitigation strategy for data loss, leakage, theft, or exfiltration.

Is All Data Theft An Insider Job?

“Data theft is a curious paradox - unseen hands reaching for digital treasures, where the line between protector and pilferer blurs in the shadows of insider access.”

They say that “Data never leaves the organisation by itself”.

Could that be true?

Imagine the scenario where one of your seasoned salespersons, armed with your company’s strategic plans, abruptly leaves to join a competitor, potentially giving away your carefully crafted market strategies and trade secrets.

Alternatively, picture a situation where a new employee, seemingly innocuous at first glance, joins your team only to discover that they’ve brought an entire database of customer relationship material from their previous job, including contact lists, client preferences, and sensitive transaction histories. This could breach confidentiality and raise concerns about ethical practices and data protection.

Now, consider a third scenario: a trusted IT specialist with access to your network infrastructure decides to siphon off valuable intellectual property, such as software codes, algorithms, or proprietary technologies, with intentions to sell or utilise them elsewhere for personal gain.

Adding another layer, envision a consultant hired for a specific project who leaks crucial project details and methodologies to unauthorised parties instead of adhering to non-disclosure agreements, jeopardising your competitive edge and reputation in the market.

Lastly, think about a disgruntled executive who, upon departure, deliberately sabotages your digital systems, erasing critical data, disrupting operations, and causing financial losses, all in the act of retaliation or malice.

While these scenarios are fictitious, they highlight valid concerns about internal threats.

These examples demonstrate that data breaches can originate from within an organisation, whether due to malicious intent, negligence, or exploitation of vulnerabilities.

The question is… does all data theft result from an insider job?

Data theft can result from insider actions, but it’s not exclusively caused by insiders. We will discuss this later.

Insider threats, which include employees, contractors, vendors, and trusted third parties, can contribute to data theft through various means, such as malicious intent, negligence, or social engineering.

However, most would argue that external actors like cybercriminals, hackers, and malicious entities can also perpetrate data theft through cyberattacks, phishing, malware, and other techniques.

Have we, therefore, agreed that not all data theft is an insider job?

Let’s look more closely.

We generally define corporate data theft as when current or former employees, contractors, or business partners steal confidential or proprietary information from the organisation and use it to get another job, help a new employer, or promote their own side business.

Let’s review the many different ways data can leave the organisation, and for each case, we will identify whether it was internal or external.

  • The negligent Insiders are those you are most familiar with. These insiders had their computers infected with malware. These employees are typically infected via phishing scams or by clicking on links that cause surreptitious malware downloads. The computers of compromised insiders can then be used to exfiltrate data.
    • Example: Sony Pictures Entertainment data theft

In 2014, Sony Pictures Entertainment experienced a significant breach, leaking sensitive corporate information and employees’ personal data. The breach was initiated through a sophisticated phishing attack targeting company employees. Hackers sent convincing emails disguised as legitimate communication from within the organisation, prompting recipients to click on malicious links or provide login credentials.

  • Responsible for breach? Internal – The employee
  • The careless insiders are those who act carelessly, ignoring or bending the rules and making mistakes.
    • Example: Equifax data breach

In 2017, a cybersecurity incident occurred at Equifax, one of the largest consumer credit reporting agencies in the United States. The breach exposed the personal information of approximately 147 million people. Investigations later revealed that the breach was caused by a series of failures and carelessness within the organisation.

  • Responsible for the breach? Internal – The employee
  • The ignorant insiders are those who act with ignorance, making poor decisions and failing to follow the rules or guidelines.
    • Example: Australian Department of Immigration and Border Protection G20 data breach

During preparations for the G20 summit, an employee of the Department of Immigration and Border Protection accidentally sent an email containing the passport details, including photos, of world leaders such as then-U.S. President Barack Obama, German Chancellor Angela Merkel, and Russian President Vladimir Putin, among others. The email was sent to an organiser of the Asian Cup football tournament instead of the intended recipient within the department.

  • Responsible for the breach? Internal – The employee
  • The ambitious insiders are those employees who have an intentional reason to steal information for business advantage, either to take with them to a new job, to start their own competing business or to bring to a foreign organisation or Government.
    • Example: Tesla Data Theft

In 2018, a former employee of Tesla named Guangzhi Cao was accused of stealing proprietary information from Tesla with the intention of starting his own competing business. Cao, who worked as an engineer on Tesla’s Autopilot team, allegedly downloaded more than 300,000 files containing trade secrets and Autopilot-related source code onto his personal iCloud account before resigning from Tesla.

  • Responsible for the breach? Internal – The employee
  • The entitled insiders are those who believe that they are entitled to information, and, therefore, they think they have the right to take the information with them. This sense of entitlement can be particularly strong if the insider perceives their role in the development of products.
    • Example: Google vs Uber – Data theft

In 2017, Waymo, a subsidiary of Google’s parent company Alphabet, sued Uber for trade secret theft. Waymo alleged that a former employee, Anthony Levandowski, who later founded a self-driving truck startup called Otto, stole trade secrets related to autonomous vehicle technology while working at Waymo. Uber acquired Otto, and Waymo claimed that Uber benefited from stolen technology.  

  • Responsible for the breach? Internal – The employee
  • The Coerced / Colluded Insiders are those employees who are either coerced or collude with an external party. Outsiders recruit insiders to commit the theft of information.
    • Example: GE Economic Espionage

A former General Electric (GE) engineer, Zheng Xiaoqing, and a Chinese businessman were charged with economic espionage and theft of GE’s trade secrets.

Zheng Xiaoqing allegedly used his position to steal proprietary information related to GE’s gas and steam turbine technologies. He then conspired with a Chinese businessman to sell this stolen information to Chinese companies.

  • Responsible for the breach? Internal – The employee

  • The trusted business partners are organisations, such as partners, vendors, and contractors, that have access to the organisation’s critical assets.
    • Example: NSA Data Theft by Edward Snowden

In 2014, a contractor working for the National Security Agency (NSA) named Edward Snowden made headlines worldwide when he leaked classified information about NSA surveillance programs to journalists. Snowden, employed by Booz Allen Hamilton, a consulting firm contracted by the NSA, had access to highly sensitive documents and information due to his role as a systems administrator.

  • Responsible for the breach? Internal – The trusted partner
  • The new employee or departing employees are those who either bring information with them from the previous employer or take information to their new job for personal gain.
    • Example: NSO Stolen Code

In 2019, Najafi was indicted by Israeli authorities for stealing highly sensitive software code and attempting to sell it to a potential buyer in the Netherlands. The stolen code was part of NSO Group’s Pegasus spyware, a powerful surveillance tool governments worldwide use to monitor smartphones and access data.

Najafi, who had worked for NSO Group for several years, allegedly downloaded the stolen code onto his personal devices before resigning from the company. He then attempted to sell the stolen software to a Dutch cybersecurity firm for $50 million.

  • Responsible for the breach? Internal – The employee

Thus far, we’ve explored different forms of data theft carried out by insiders, whether they deliberately intended to steal information or inadvertently disclosed it.

In either scenario, the blame consistently fell on the trusted internal insider who was authorised and had access to sensitive information.

Does this mean that all data theft is an insider’s job? Let’s hold on to that thought for the time being.

One scenario we haven’t considered is cyber hacking into an organisation to steal information.

Data theft through the process of cyber hacking an organisation would not be considered an insider job if and only if the organisation’s employees were not manipulated, coerced, or socially engineered to divulge information.

It’s worth noting that a determined cyber hacker can only succeed if the organisation’s systems are vulnerable to such attacks.

It’s also worth noting that people are responsible for creating and maintaining systems, which leaves organisations exposed to gaps in the skills and capabilities needed for effective system security.

In conclusion, it’s much easier to ask someone to open the door than to smash it down.

“No matter the industry or size, every organisation is susceptible to the risk of a trusted employee either causing a data leak or taking their most valuable assets with them.”

Key Takeaway

  1. Data Theft by Insiders: Most instances of data theft stem from insiders within an organisation, whether through deliberate intent or accidental disclosure. Insiders are trusted people with access to sensitive information and can exploit this access for personal gain or unintentionally expose data due to negligence or lack of awareness.
  2. Risk of Insider Threats: Organisations must recognise the significant risk posed by insider threats and implement measures such as access controls, monitoring, and employee training to mitigate these risks. Insider threats can come from employees, contractors, or trusted partners with privileged access to data.
  3. Human Vulnerabilities: Human vulnerabilities play a critical role in data theft scenarios. Insider threats often take advantage of human vulnerabilities, such as negligence or lack of awareness, to carry out data breaches within organisations. Employees with access to sensitive information may inadvertently expose data or intentionally misuse it for personal gain, highlighting the importance of addressing human behaviour in data protection strategies. Furthermore, external cyber attackers target human vulnerabilities, such as phishing susceptibility, as entry points to infiltrate organisations and gain unauthorised access to confidential data against insider threats and external cyber attacks targeting human weaknesses.
  4. Cyber Attacks as an External Factor: While insider threats are prevalent, organisations also face the risk of external cyber attackers exploiting vulnerabilities in their systems. Determined cyber attackers can bypass security measures and gain unauthorised access to sensitive data, leading to data theft and other cyber incidents.
  5. System Vulnerabilities: The presence of vulnerabilities in an organisation’s systems increases the risk of successful cyber attacks. These vulnerabilities can result from misconfigurations, outdated software, lack of patch management, or other weaknesses that cyber attackers can exploit.
  6. Insider Job: When considering data theft, it’s crucial to recognise that insiders rather than external actors perpetrate the majority of these incidents. Trusted employees or insiders within organisations often exploit their privileged access to sensitive information, making insider data theft a prevalent and concerning issue.

Why Data Loss Prevention Tools Are Failing To Stop Insider Data Theft

“In the silent exchange of data theft, we’re not just losing information, we’re surrendering fragments of our humanity, leaving us to ponder what it truly means to be secure in an increasingly transparent world.”

– Anonymous

On the 25th of June 2019, McAfee, one of the biggest security software companies in the world, filed a lawsuit against several former employees, accusing them of stealing trade secrets before starting new positions with Tanium (a competitor).

To carry out the alleged theft, the employees did not use the type of sophisticated technology that you might expect.

Instead, according to the lawsuit, confidential company information was moved to unauthorised USB devices, as well as through private email addresses.

Ironically, a company that professes to be the leader in security solutions around Data Loss Prevention suffered the very fate its products are meant to prevent.

Let’s first identify Data Loss Prevention objectives.

Data Loss Prevention (DLP) is about keeping sensitive data safe from unauthorised eyes and preventing it from ending up in the wrong hands.  

The goal is simple but essential: Ensure that critical data isn’t used improperly or mistakenly shared with unauthorised individuals and prevent intentional theft or unauthorised access to sensitive information.

The critical components of DLP begin with determining which sensitive data needs extra protection. This means sorting data into categories through data classification, based on its importance and sensitivity. This step is important because it helps decide what kind of security each category requires.

After identifying this data, it’s crucial to label it clearly and keep an eye on it to ensure it isn’t accessed or shared without permission.

The next big part of DLP is monitoring and controlling how data is accessed, stored and transferred within the organisation.

Finally, having an automated response to potential data loss threats is vital.
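
The three DLP components described above (identify sensitive data, monitor how it is transferred, respond automatically), written as an added example that is not code from this article or from any DLP product. The domain, label names, thresholds and response policy are assumptions, the sample transfers are constructed, and payloads the inspector cannot read are held for review instead of being passed.

```python
"""Added example: content-inspection DLP for outbound transfers (constructed data)."""
import hashlib
import math
import re
from collections import Counter
from dataclasses import dataclass

# Assumptions, not from the article: placeholder domain, label vocabulary,
# thresholds and the allow / quarantine / block policy.
CORPORATE_DOMAIN = "fintech.example"
LABEL_RE = re.compile(r"\b(CONFIDENTIAL|RESTRICTED)\b")
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13 to 19 digits, optional separators
ENTROPY_LIMIT = 7.5      # bits per byte; encrypted or compressed data sits near 8
MIN_OPAQUE_LEN = 512     # short payloads give unreliable entropy estimates


@dataclass
class Transfer:
    user: str
    channel: str         # "email", "usb", "cloud"
    destination: str
    payload: bytes


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(payload: bytes) -> list:
    """Step 1: identify sensitive content, or report that it cannot be read."""
    if len(payload) >= MIN_OPAQUE_LEN and entropy(payload) > ENTROPY_LIMIT:
        return ["uninspectable"]
    text = payload.decode("utf-8", errors="ignore")
    findings = set()
    if LABEL_RE.search(text):
        findings.add("labelled")
    for match in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            findings.add("card_number")
    return sorted(findings)


def is_external(destination: str) -> bool:
    """Step 2: does the transfer leave the corporate domain?"""
    host = destination.rsplit("@", 1)[-1].lower()
    return not (host == CORPORATE_DOMAIN or host.endswith("." + CORPORATE_DOMAIN))


def decide(t: Transfer) -> tuple:
    """Step 3: automated response for one transfer."""
    findings = classify(t.payload)
    if not is_external(t.destination):
        return ("allow", findings)
    if "labelled" in findings or "card_number" in findings:
        return ("block", findings)
    if findings == ["uninspectable"]:
        return ("quarantine", findings)   # hold for human review, never pass silently
    return ("allow", findings)


# Constructed sample data: none of these addresses or records are real.
LOG = b"CONFIDENTIAL transaction log\nacct 1001 card 4111 1111 1111 1111 amount 250.00\n"
# Deterministic high-entropy bytes standing in for an encrypted archive.
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
SAMPLES = [
    Transfer("ben", "email", "colleague@fintech.example", LOG),
    Transfer("ben", "email", "ben.private@mail.example", LOG),
    Transfer("ben", "email", "ben.private@mail.example", OPAQUE),
    Transfer("ben", "usb", "usb:constructed-serial", b"Lunch menu for Friday"),
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(t.channel, t.destination, *decide(t))
```

The last sample shows the limit of content inspection: a transfer with nothing recognisable in it is allowed, whatever the sender intends.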

Why didn’t McAfee use its software to protect its trade secrets appropriately?

It’s hard to know the real reason, but here are some probable causes:

  • It’s possible the information was encrypted, and the DLP solution couldn’t detect the theft.
  • It’s possible that they trusted their employees and decided not to use the DLP solution internally.
  • It’s possible that due to the complexity of the software and data, it was misconfigured and could not detect the data theft.
  • It’s possible it wasn’t set up to monitor or detect that specific sensitive information leaving the organisation.
  • It’s possible, and most likely, that even with all the security controls in place within McAfee, those trusted employees knew how to evade internal security.

Either way, it placed McAfee in a very awkward situation.

  • They incurred significant legal costs, including attorney fees, court filing fees, and related expenses, to fight this case.
  • They suffered reputation damage, eroding trust amongst its clients, investors and partners.
  • Loss of intellectual property. Trade secrets that are no longer secrets lose their value.
  • Loss of competitive advantage as they potentially face increased competition and challenges in maintaining their position in the marketplace.


The takeaway from the McAfee and Tanium lawsuit is the importance of employee loyalty and adherence to non-disclosure obligations.

In competitive industries like cybersecurity vendors, where proprietary information and trade secrets are highly valuable, employees must uphold ethical standards and legal agreements even when transitioning between companies. Failure to do so can lead to costly legal battles, damage to professional reputations, and strained relationships within the industry.

The key lesson is that placing blind trust in employees always to do what’s right can potentially lead to unforeseen harm to the organisation.

This story vividly illustrates the severe repercussions that can occur when employees prioritise personal gain over loyalty to the organisation and disregard non-disclosure agreements.

What factors contribute to the limited effectiveness of DLP solutions?

Several factors can potentially contribute to a DLP solution’s limited effectiveness. Let’s explore them in more detail.

Part of the challenge is that data has never been more portable. So, taking it has never been easier.

Sales lists, product specs, pricing information, payroll data and even contact lists are just a few examples of small but critically essential files that are simple to take.

Employees can store hundreds of gigabytes on their mobile devices, put 1TB or more of data on removable media, or quickly transfer data to personal cloud storage services like Dropbox.

Side note:

The Insider Threat Division of CERT published several key points when it comes to information theft:

  1. Most insiders steal information as they are leaving the organisation.
  2. It’s challenging to detect such acts of theft because insiders steal information to which they already have authorised access.
  3. It’s difficult to detect the theft of information until that data is actually in the process of being stolen. Hence, the window of opportunity is relatively small.

One area that is particularly vulnerable for organisations is employees bringing their own smartphones, which can present numerous challenges for DLP solutions:

  1. Data Leakage via Photos: Smartphones with cameras can be used to capture sensitive information, such as documents, whiteboards, or computer screens, potentially leading to data leakage if these images are not properly secured or monitored.
  2. Unauthorised Data Storage: Employees may use their smartphones to store work-related files or data, creating data security risks if these devices are not adequately protected or if they lack encryption and access controls.
  3. Cloud Storage Integration: Many smartphones allow seamless integration with cloud storage services, allowing employees to easily upload and share files. However, this can bypass traditional DLP measures implemented within the corporate network.
  4. Communication Apps: Smartphones often have various communication apps installed, such as messaging or email applications, which can be used to share sensitive information outside the organisation’s secure environment.

The second part is that implementing data loss prevention technologies is somewhat difficult, and realising the full value is problematic (incomplete deployments are common). Here are some additional challenging points that organisations have often raised:

  • They are complex to deploy. Modern organisations deal with vast amounts of data in various formats (text, images, videos, etc.), making it challenging to create comprehensive DLP policies that effectively cover all data types.
  • Diverse IT environments: Organisations often have heterogeneous IT environments with a mix of on-premises systems, cloud services, and mobile devices, requiring DLP solutions to be compatible and integrated across these diverse platforms.
  • Data classification: Proper DLP implementation requires accurate data classification to identify sensitive information and apply appropriate security controls. However, manually classifying data can be time-consuming and error-prone.
  • False positives and negatives: DLP solutions may generate false positives (incorrectly flagging legitimate actions as violations) or false negatives (failing to detect actual violations), impacting the trust and reliability of the system.
  • Continuous monitoring and updates: Data threats constantly evolve, requiring DLP solutions to be regularly updated, fine-tuned and monitored to detect new threats and vulnerabilities. This ongoing maintenance can be resource-intensive.
  • Resource and budget constraints: Implementing DLP solutions often requires significant technological, training, and personnel investments. Organisations with limited resources or budget constraints may find deploying and maintaining robust DLP capabilities challenging.

However, the main challenge with DLP solutions is trying to solve a technology problem that isn’t a technology problem. It’s a “people” problem.

“Data by itself does not walk out of the door. It requires the action of a human person.”

Let’s look at the following equation:

A cause-effect relationship is well known globally, and it describes the connection between two events or variables, where one event (the cause) leads to or influences the occurrence of another event (the effect).

This relationship is fundamental in understanding how actions, phenomena, or conditions interact and produce specific outcomes.

Here’s a breakdown of a cause-effect relationship:

  • Cause: This is the event that initiates or triggers a change. It can be a single event, a series of events, a condition, or a behaviour. The cause is what brings about the effect.
  • Effect: This is the result or consequence of the cause. It can be a direct outcome or a chain of events influenced by the initial cause. The effect is what happens as a result of the cause.
  • Relationship: The cause-effect relationship establishes a link between the cause and the effect, demonstrating how changes in one variable lead to changes in another variable.

Let’s take the example of data theft by an insider.

  • The cause: The intentional breach of security measures by a trusted person
  • The effect: Sensitive information copied, stolen or exfiltrated.

How do DLP solutions act?

  • Preventing (cause): The DLP solution is part of the preventive measures implemented by the organisation to address potential causes of data theft. It helps establish policies and controls that define how sensitive data should be handled, accessed, and shared within the organisation.
  • Monitoring & Detection (effect): The DLP solution actively monitors and detects suspicious or unauthorised activities related to data access, transfer, and usage by trusted employees. It uses content inspection, contextual analysis, user behaviour analytics, and policy enforcement technologies to identify anomalies and potential data breaches.

What is the root cause?

It’s essential to recognise that the root cause of data theft often lies in human behaviour and intention.

At its core, data theft involves individuals or groups with specific intentions and motivations. These motivations can range from financial gain, competitive advantage, espionage, retaliation, or even simple curiosity. These human factors drive the decision-making process behind data theft incidents.

What is the underlying problem of DLP?

Dealing with human intent.

As we know, organisations come in all shapes and sizes.

The same can be said about employees. Some are enthusiastic, some considerate, some engaged, some productive, and some not. You get the idea. Employees are different and have different motivations, values, beliefs, and behaviours.

Intent can be discussed in terms of the following:

Motive: This is the reason for doing something. Think of it as the “why” that motivates the “what.”

Agenda: Grows out of motive. It’s what you intend to do because of your motive.

Behaviour: This is the manifestation of motive and agenda.

Intent matters.

While we tend to judge ourselves by our intent, we judge others by their behaviour.

Most people have good intent. They sincerely want to do what is right and seek the best for others.

Some people genuinely have poor intent. Though they may not be aware of it or even admit it, deep inside, they seek their own profit, position or possession above others.

As a result, DLP solutions alone cannot solve the underlying actions driving human behaviour, such as the desire to steal information for personal gain or malicious intent.

Policies and technological controls can act as deterrents and barriers, but they cannot eliminate the motivation of a trusted employee who wants to carry out that action.

DLP solutions are not designed to stop people from intentionally committing malicious acts.

In short, DLP does not understand intent, so it cannot be expected to accurately detect, prevent, deter and respond to insider threats.
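The following Python sketch is an added example, not code from this article or from any DLP product. It implements the content inspection and contextual checks described above for outbound email, and shows that an accidental mis-send and a deliberate one receive the same verdict because intent is not an input. The mail domain, messages and policy are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumption: the organisation's mail domain (constructed for this example).
INTERNAL_DOMAIN = "fintech.example"

# Content inspection: runs of 13-19 digits, optionally grouped by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that are not payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the digit strings in text that look like valid card numbers."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Mail:
    sender: str
    recipients: list
    body: str
    note: str = ""   # ground truth for the reader only; the policy never sees it


@dataclass
class Verdict:
    action: str                      # "allow" or "block"
    reasons: list = field(default_factory=list)


def evaluate(mail: Mail) -> Verdict:
    """Policy: block card data leaving the organisation's own mail domain."""
    suffix = "@" + INTERNAL_DOMAIN
    external = [r for r in mail.recipients if not r.lower().endswith(suffix)]
    cards = find_card_numbers(mail.body)
    reasons = []
    if cards:
        reasons.append(f"content: {len(cards)} card number(s) in body")
    if external:
        reasons.append(f"context: {len(external)} external recipient(s)")
    action = "block" if cards and external else "allow"
    return Verdict(action, reasons)


# Constructed sample messages. 4111111111111111 is a well-known test card number.
SAMPLES = {
    "wrong_autocomplete": Mail(
        "user-a@fintech.example", ["j.doe@partner-bank.example"],
        "Hi John, the refund went to card 4111 1111 1111 1111 as agreed.",
        note="accident: autocomplete picked the wrong John"),
    "to_personal_mailbox": Mail(
        "user-b@fintech.example", ["user-b.private@mail.example"],
        "txn log: 4111111111111111;2024-03-01;149.90",
        note="deliberate: copying data out"),
    "internal_only": Mail(
        "user-a@fintech.example", ["fraud-team@fintech.example"],
        "Please review card 4111-1111-1111-1111."),
    "order_reference": Mail(
        "user-a@fintech.example", ["supplier@vendor.example"],
        "Order ref 1234567890123456 ships Monday."),   # fails the Luhn check
}


def run_samples() -> dict:
    """Evaluate every sample and return name -> action."""
    return {name: evaluate(mail).action for name, mail in SAMPLES.items()}


if __name__ == "__main__":
    for name, mail in SAMPLES.items():
        verdict = evaluate(mail)
        print(f"{name:20} {verdict.action:6} {verdict.reasons} {mail.note}")
```

The `note` field is the only place where the accidental and the deliberate message differ, and `evaluate` never reads it.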

Key Takeaways

The essential takeaway is that while technology like DLP is important to data protection, data theft ultimately stems from human factors such as intent, behaviour, and awareness.

Organisations must prioritise addressing these human elements through training, culture-building, and ethical considerations to effectively combat data theft and insider threats.

There is no such thing as 100% data protection, for the mere fact that a human being can memorise specific information and just walk out.

Example: Ana Montes memorized classified data

There are few spies who have burrowed more deeply into the US government than Ana Montes. She was a senior analyst with the Pentagon, and her specialty was Cuba.

But here’s the twist: Montes was spying for Cuba. She memorised US state secrets and got them to the regime of former President Fidel Castro.


From Disgruntled To Dangerous

Exploring The Role Of Employee Discontent

“The difficulties of life are intended to make us better, not bitter.”
– Unknown

When an organisation hires a new employee, they look for the suitable skills, qualities, and capabilities they think will best fit their organisation.

Organisations understand the critical importance of recruiting the right employees and invest considerable effort and resources.

Organisations often utilise multiple recruitment channels to attract the right talent, including job boards, social media, and professional networks.

They meticulously screen resumes, conduct thorough interviews, and may even administer skills assessments or personality tests.

Reference checks and background verifications are standard procedures to ensure a candidate’s credibility.

Furthermore, organisations aim for a cultural fit, looking beyond qualifications to assess a candidate’s alignment with the company’s values and mission.

Indeed, organisations meticulously plan their recruitment processes, believing the individuals they bring on board will contribute positively to their teams and work culture.

They do not anticipate a new hire becoming unhappy, unaccommodating, or frustrated.

At no point do they think that their new employee will potentially vent their anger to their surrounding employees and their managers.

Their optimism stems from the thorough vetting and selection processes designed to ensure a strong match between the candidate’s qualifications, experience, and personality and the job’s requirements.

Organisations may strive to create a supportive and engaging work environment. However, a thriving and beneficial relationship between employees and employers is not guaranteed. It can all be undone very simply when an unfortunate workplace event occurs.

Take the following two examples:

Example #1: Apple Huge Reveal

Just days before Apple’s huge 2017 reveal, a disgruntled employee is believed to have been the source of the leak that compromised the anticipated event centred around the iOS 11 GM.

According to a September 9, 2017, AppleInsider report, it is suspected that a disgruntled employee revealed proprietary and confidential information regarding new features and hardware of the iOS 11 GM, a new AirPods revision, “Face ID” facial recognition details and setup process, a new “animoji” feature for Messages, and the apparent marketing names of Apple’s forthcoming iPhone line-up: iPhone 8, iPhone 8 Plus, and iPhone X.

Example #2: Georgia-Pacific Mill Hack

An IT specialist and systems administrator hacked his former employer, Georgia-Pacific.

What Happened?

The former administrator was terminated from his employment in February 2014 and escorted off Georgia-Pacific’s Hudson Mill premises. Despite his termination, his access to corporate applications remained in place.

The former employee was found to have an open virtual private network connection to the Georgia-Pacific Mill’s network. With this connection, he intentionally transmitted harmful code and commands to the system, sometimes bringing the mill’s production to a standstill.

FBI agents assigned to the case concluded that he intentionally sabotaged his former employer as payback.
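The gap in this case, access that outlived the termination, can be checked for by correlating the HR offboarding feed with VPN gateway logs. The Python below is an added example, not part of the original article or the case record; the log format, account names, addresses and dates are all constructed.

```python
import re
from datetime import datetime, timezone

# Constructed HR offboarding feed: account -> termination time (UTC).
TERMINATIONS = {
    "adm.rivera": datetime(2024, 2, 14, 16, 0, tzinfo=timezone.utc),
}

# Constructed VPN gateway log. The line format is an assumption for this example.
VPN_LOG = """\
2024-02-13T08:02:11Z vpn-gw1 session-start id=a1 user=adm.rivera src=198.51.100.7
2024-02-13T17:40:52Z vpn-gw1 session-end id=a1 user=adm.rivera
2024-02-14T08:15:00Z vpn-gw1 session-start id=b1 user=j.chen src=192.0.2.44
2024-02-14T15:30:00Z vpn-gw1 session-start id=a2 user=adm.rivera src=198.51.100.7
2024-02-14T17:00:09Z vpn-gw1 session-end id=b1 user=j.chen
2024-02-14T18:05:31Z vpn-gw1 session-end id=a2 user=adm.rivera
this line is truncated garbage and must not break the audit
2024-02-20T23:11:45Z vpn-gw1 session-start id=a3 user=adm.rivera src=203.0.113.9
"""

LINE_RE = re.compile(r"^(\S+) \S+ session-(start|end) id=(\S+) user=(\S+)")


def parse_sessions(log: str) -> dict:
    """Build {session_id: {"user", "start", "end"}} from start/end events."""
    sessions = {}
    for line in log.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unparseable lines are skipped, never guessed at
        stamp, event, sid, user = match.groups()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc)
        entry = sessions.setdefault(
            sid, {"user": user, "start": None, "end": None})
        entry[event] = when
    return sessions


def audit(log: str, terminations: dict) -> list:
    """Flag VPN sessions of terminated accounts.

    login-after-termination:     session started at or after the cutoff
    session-open-at-termination: started earlier, but still connected
                                 (or never closed) when the cutoff passed
    """
    findings = []
    for sid, s in sorted(parse_sessions(log).items()):
        cutoff = terminations.get(s["user"])
        if cutoff is None or s["start"] is None:
            continue  # not a terminated account, or start event missing
        if s["start"] >= cutoff:
            findings.append((sid, s["user"], "login-after-termination"))
        elif s["end"] is None or s["end"] > cutoff:
            findings.append((sid, s["user"], "session-open-at-termination"))
    return findings


if __name__ == "__main__":
    for sid, user, finding in audit(VPN_LOG, TERMINATIONS):
        print(f"{finding:30} user={user} session={sid}")
```

Session `a2` is the easy one to miss: the login itself was legitimate, so a check that only looks at authentication events after the termination time never sees it.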

These two examples show the scope of security risks disgruntled employees bring.

Let’s get into the details of what disgruntlement is.

What Is Disgruntlement?

Disgruntled workers are employees who feel unsatisfied with their jobs and tend to express dissatisfaction through complaints. Interestingly, the word “disgruntled” derives from the archaic term “gruntled”, which originally meant “to grumble”.

In other words, a disgruntled employee is someone at your organisation who is more often than not upset and showing it by, you probably guessed it, grumbling.

Any organisation can have a disgruntled employee or two.

Often, workers get upset for minor reasons like a co-worker not helping them on a project, someone stealing their ideas as their own, not being appreciated, being overworked or not getting a pay increase.

Sometimes, an employee may even be disgruntled because of something at home that is almost entirely out of the organisation’s control.

So, no matter how well you run your organisation, you may occasionally come up against a disgruntled employee.

In short, the individual’s dissatisfaction is intimately linked to unmet expectations. They had hoped for specific outcomes or experiences in their job or life, but when these expectations weren’t fulfilled, it left them feeling disheartened and discontented.

It can be best presented by the following graph:

Here is an excellent example of an article, “The Case of Disgruntled Nurses”, which explores the concept in a real-life organisational situation. It highlights several factors and events contributing to employee disgruntlement within Oneida Home Health Agency (OHHA).

The Case of Disgruntled Nurses (By majillani |



  • OHHA received a letter from its staff council highlighting concerns and suggestions that violated the organisational hierarchy.
  • Rachel Nelson, the executive director, and Annemarie, the nursing director, had been working to address financial issues and improve accountability, productivity, and quality.
  • Some staff members resisted these changes, leading to conflicts and the letter sent to the board.

Problems and Causes

  • Rachel and Annemarie introduced changes without fully understanding the negative reactions from some staff members.
  • Senior nurses, accustomed to lenient supervision, resisted the new bureaucratic structure.
  • The introduction of a more complex documentation system increased paperwork, which nurses disliked.
  • The previous culture lacked criticism and penalties for poor performance, leading to job satisfaction among senior nurses.

The Case for Disgruntlement

  1. Unmet Expectations: The article discusses how management and organisational structure changes led to unmet expectations among the staff. This unmet expectation is a primary driver of disgruntlement.
  2. Conflict and Resistance: It describes the conflicts that arose due to staff resistance to the changes introduced by Rachel and Annemarie. This resistance manifests their disgruntlement with the new systems and management.
  3. Negative Perceptions: The article delves into how negative perceptions and mistrust developed between Annemarie and the senior nurses. These negative perceptions are rooted in their disgruntlement with each other’s actions and decisions.
  4. Recommendations for Resolution: The article proposes various solutions to address the disgruntlement, including replacing senior nurses and considering Annemarie’s termination. These recommendations directly relate to resolving the issue of disgruntlement among the staff.
  5. Conclusion on Communication: The article emphasises the importance of effective communication and understanding between managers and employees to overcome disgruntlement and improve organisational performance.

In Summary

The article’s specificity on disgruntlement lies in examining the various aspects, causes, and consequences of employee dissatisfaction and resistance within OHHA.

It explores how these factors contribute to the overall sense of disgruntlement within the organisation and provides recommendations for addressing this issue.

The question, then, is, why do some people become highly disgruntled or even vengeful? What makes some carry out malicious acts while others exposed to the same events and conditions do not act maliciously?

The transition from disgruntlement to vengeful behaviour is a complex process influenced by various individual and situational factors.

For example, just because two employees have a disagreement or passionate argument at work does not automatically mean they will come back and physically harm one another.

Most of us won’t react with violence, no matter how much injustice we may face. So, what differentiates us from those who do?

Let’s take a step backward to try and understand what we mean by unmet expectations.

Unmet Expectations

Unmet expectation is a situation whereby the individual feels disappointed because what they thought would occur didn’t happen, which can be best described in the following picture.

A precipitating event refers to a specific incident or situation that triggers a significant change or action, often with profound implications for employees and the organisation.

This event can range from a sudden economic downturn, a significant restructuring, a workplace accident, a leadership change, or any other occurrence that disrupts the usual course of business.

For employees, a precipitating event can catalyse change in their work environment, job roles, or expectations. Depending on how it impacts their circumstances (disposition), it can lead to various emotions, including uncertainty, anxiety, or even rage.

Employees often need to adapt, make critical decisions, or potentially face new challenges in response to such events, significantly affecting their job security, job satisfaction, and overall well-being.

For example, when new employees join a new organisation, they often come with expectations and anticipations.

These expectations can encompass a wide range of factors, such as job roles and responsibilities, workplace culture, compensation and benefits, opportunities for growth and development, work-life balance, and the overall experience within the organisation.

New employees typically expect clear communication about their job roles and responsibilities, a welcoming and inclusive workplace environment, fair and competitive compensation, opportunities for skill development and career advancement, and a healthy work-life balance.

On the other hand, organisations have their expectations when hiring new employees.

They anticipate that new hires will contribute effectively to the organisation’s goals and mission, follow business policies and procedures, work well with colleagues and teams, adapt to its culture, and demonstrate a commitment to success.

They also expect new employees to be proactive in their roles, show dedication and enthusiasm, and continuously seek ways to improve their skills and contribute positively to the workplace.

The alignment of these expectations from the new employees and the organisation is crucial for a successful and productive employment relationship.

What happens when expectations are not matched or fulfilled?

There is misalignment.

According to the Gallup State of the Global Workplace 2023 Report, only 23% of employees are engaged.

However, 59% of employees are referred to as “quiet quitters”, or what I call disengaged.

These employees are filling a seat and watching the clock. They put in the minimum effort required and are psychologically disconnected from their employer. Although minimally productive, they are more likely to be stressed and burnt out than engaged workers because they feel lost and disconnected from their workplace. They are also likelier to make mistakes and not follow cybersecurity corporate policies.

A very worrying sign is that 18% of employees are called “loud quitters” or highly disengaged.

These employees take actions that directly harm the organisation, undercutting its goals and opposing its leaders. At some point, the trust between employee and employer was severely broken. Or the employee has been woefully mismatched to a role, causing constant crises.

Let’s take a further step backward to try and understand why humans behave the way they do by understanding their disposition.

Personal Disposition 

Refers to an individual’s inherent characteristics and traits that influence their behaviour, attitudes, and interactions with colleagues and the work environment. It includes aspects such as their temperament, personality traits, values, and emotional tendencies, which collectively shape their approach to work, teamwork, and decision-making within the organisation.

For example, individuals with low self-esteem or poor emotional regulation may be more prone to lash out vengefully when they feel wronged. Here are some examples of personal disposition found in insider cases:

  • Conflict with fellow workers
  • Bullying and intimidation of co-workers
  • Serious personality conflicts
  • Unprofessional behaviour
  • Inability to conform to rules
  • Difficulties controlling anger

Example: Off-duty Alaska Airlines Pilot Charged With Attempted Murder

What Happened?

An off-duty Alaska Airlines pilot has been charged with 83 counts of attempted murder after he allegedly tried to shut off a plane’s engines mid-flight.

He was riding as a standby employee passenger in the cockpit “jump seat” when the airborne altercation occurred.

After a brief scuffle inside the flight deck with the captain and first officer, the off-duty pilot ended up restrained by cabin crew members and was arrested in Portland, Oregon, where the flight was diverted and landed safely.

Behind the Scenes

Alaska Airlines reported no blemishes in the employment record of the charged pilot. The head of a California flying club he once belonged to said his alleged behaviour was completely at odds with the meticulous, mild-mannered family man he remembered him to be.

According to the affidavits, the charged pilot told police after his arrest that he was suffering a mental crisis during the incident and had struggled with depression for the past six months.

The court documents said he also told police that he had taken “magic mushrooms” for the first time, ingesting them about 48 hours before boarding the plane.

During the check-in or boarding process, employees did not observe any signs of impairment that would have led them to prevent the off-duty pilot from flying.

Depression is certainly a significant global health issue that affects millions of people.

Depression is a debilitating mental health condition characterised by persistent feelings of sadness, hopelessness, and a loss of interest in daily activities.

Depression was one of the reasons why a Germanwings co-pilot deliberately crashed his Airbus A320, some 100 km north-west of Nice in the French Alps in 2015, killing everyone on board.

Depression’s impact is substantial, both in terms of individual suffering and the broader societal and economic consequences.

Personal disposition can be broken into the following subcategories.

Perceived Injustice reflects a sense of unfairness or injustice done to the individual, which can fuel vengeful feelings. If someone believes they have been treated unfairly or suffered a significant injustice, they may be more likely to seek revenge to restore what they see as justice. For example:

  • Being passed over for promotion
  • Being passed over for a salary raise
  • Demotion
  • Being passed over for a project
  • Transfer to a different department
  • New supervisor hired
  • Access changed
  • Co-worker overriding decisions
  • Bonus lower than expected
  • Responsibilities changed 

Individual Difference means that different people perceive situations, whether good or bad, differently. Some people have other ways to cope with unpleasant situations. Some individuals may have a predisposition towards aggression or a higher level of hostility, making them more likely to respond to disgruntlement with vengeful behaviour. Others may be naturally more resilient and better at managing their emotions.

Trust Gap is the difference in how much employees and employers trust each other in their professional relationships regarding factors like confidence, transparency, and mutual reliance. A large trust gap increases the doubts and suspicions that may arise when employees feel their employer is not forthcoming, fair, or consistent in their actions, decision-making, and communication, potentially leading to decreased job satisfaction, motivation, loyalty and increasing criticism of management and business. 

Past Experiences refers to an event or events that have happened in the past but have shaped the person’s behaviour.

For example, someone who has had past issues with the following scenarios:

  • Had security violations
  • Harassment or conflict with co-workers
  • Difficulties controlling anger
  • Unprofessional behaviour
  • Bullying and intimidation
  • Intoxication
  • Personality conflicts
  • Arrested
  • Hacking
  • Misuse of organisation assets

Moral and Ethical Values refer to an individual’s personal values and moral compass that can encourage or discourage vengeful behaviour. Some individuals may prioritise forgiveness and conflict resolution, while others may prioritise retribution.

Opportunity and Risk refer to the universal law of pain and pleasure. If someone believes they can exact revenge without severe repercussions, they may be more inclined to do so. 

Social Support means that the presence of a strong support network, such as family and friends, can provide the foundation to help discourage an individual from responding to grievances. At the same time, a lack of support can exacerbate the feeling that revenge is an acceptable or expected response to perceived slights or wrongdoings. In some cultures, retaliation may be seen as a better or even expected response to perceived slights or wrongdoings.

Financial Challenges frequently introduce workplace stressors. The ongoing concern of meeting financial obligations can prove distracting, hindering one’s ability to concentrate on job responsibilities. Additionally, financial instability can trigger personal problems that extend into the workplace, encompassing issues like interpersonal conflicts, disputes with supervisors, increased absenteeism and possible aggression.

Substance Abuse can be a significant danger to both the individual and the workplace. Substance abuse can impair their judgment and decision-making, leading to potential safety hazards and mistakes in tasks or responsibilities. Furthermore, it can result in absenteeism, tardiness, and decreased productivity, ultimately affecting the organisation’s overall efficiency. Interpersonal relationships may suffer due to erratic behaviour and conflicts with co-workers. It can jeopardise their well-being and endanger the stability and effectiveness of the workplace, making it a critical issue.

Tipping Point

After understanding why specific individuals become dissatisfied while others become profoundly disgruntled, despite identical circumstances or events, what factors might drive an employee to contemplate taking hostile actions against their organisation?

What is their tipping point?

Imagine that you were laid off from work. Would you seek justice and reprisal for the grievance?

Let’s take a look at the following actual case scenario that happened in Santa Clara.

Example: Shooting In Their Workplace

Hours after being laid off in November 2008, a product test engineer at a Santa Clara, CA, technology company returned to his former place of employment to clean out his desk.

While doing so, co-workers said he suddenly became agitated and entered the office of the company CEO.

Co-workers did not know the former employee had brought a 9 mm pistol to the office.

The next thing the workers heard was a rapid succession of gunshots. When the shots ended, the CEO, vice president of operations and the head of human resources were dead.

What made the test engineer take such extreme actions? What made this person dangerous?

Every person has a critical or turning moment when a situation or behaviour crosses a threshold, leading to a significant and often irreversible change.

Every person has a different tipping point.

Every person has a different recourse.

However, some employees may take a more negative course of action against their organisation when they feel extremely disillusioned, unsupported, or desperate due to unresolved issues or perceived mistreatment.

Several factors can contribute to this:

  1. Extreme Discontent: A prolonged period of discontent, frustration, or feeling ignored can push employees to consider more negative actions to vent their anger or seek retribution.
  2. Lack of Options: When employees believe they have exhausted all available options within the organisation and still haven’t found a satisfactory resolution, they may turn to more negative actions as a last resort.
  3. Revenge or Retribution: In cases of severe grievances or perceived injustices, some employees may act out of a desire for revenge or to make the organisation pay for what they perceive as wrongs committed against them.
  4. Personal Crisis: Personal crises, whether financial, emotional, or related to their work environment, can amplify an employee’s negative feelings and lead them to take extreme actions as a form of coping or out of desperation.
  5. Influence from Others: Negative actions can be influenced or encouraged by peers, colleagues, or external parties who may share similar grievances or have ulterior motives.
  6. Disregard for Consequences: Some employees may decide on negative actions when they believe their perceived need to express grievances outweighs the potential consequences, such as termination or legal issues.
  7. Lack of Trust: If employees perceive that the organisation lacks transparency, integrity, or a commitment to addressing their concerns, they may see negative actions as the only way to force attention to their issues.

Think of the above points as pressure/stress points that gradually lead to a significant crisis.

Such a crisis can potentially propel the individual to prioritise seeking harm to others.

Revenge is a complex human behaviour that people seek for various reasons.

  1. Emotional Satisfaction: Revenge can provide a sense of emotional satisfaction or closure to someone who feels wronged. It allows them to feel like justice is served and that they’ve regained some control or power in a situation where they may have initially felt helpless.
  2. Deterrence: Seeking revenge can also serve as a deterrent. If someone believes that taking revenge will discourage others from harming them or their interests in the future, they may be more inclined to seek revenge.
  3. Restoration of Self-esteem: Revenge can help restore an individual’s self-esteem or self-worth. When someone is hurt or feels disrespected, seeking revenge can make them feel like they’ve regained their honour or self-respect.
  4. Psychological Closure: Some people use revenge to achieve psychological closure. They believe that by retaliating, they can put an end to the psychological distress or trauma caused by the initial harm.
  5. Social Validation: In some cases, revenge can be a way to gain social validation or support. When others acknowledge and support the avenger’s actions, it can provide a sense of belonging or group cohesion.

In the above example, the test engineer gained satisfaction by causing the ultimate pain to others, even though he knew that his actions would undoubtedly doom him for the rest of his life.


Understanding tipping points is valuable for predicting or influencing human behaviour, as it helps identify when a situation is ripe for change or when a small action or event can have significant cascading effects.

It also underscores the idea that relatively minor factors sometimes trigger significant shifts in behaviour or outcomes.

Importantly, employees typically do not start their day with the intention of causing harm to their organisation.

Negative thoughts or actions toward their workplace usually develop over time, often due to various factors such as dissatisfaction, frustration, or perceived mistreatment.

These feelings can simmer beneath the surface, gradually intensifying until they reach a point where an employee may contemplate taking negative actions.

The key message here is that there is a window of opportunity for intervention.

Rather than solely focusing on punitive measures when employees exhibit signs of disgruntlement or dissatisfaction, organisations can take a more proactive and supportive approach.

By identifying these early warning signs and addressing the underlying issues, employers can help employees reorient their thinking and behaviour toward a more positive and constructive direction. This approach mitigates potential harm and fosters a healthier, more productive work environment.

Therefore, organisations must create a supportive, transparent, and respectful work environment, actively address employee concerns, and provide outlets for resolving disputes to prevent employees from feeling driven to such extreme actions.

Additionally, promoting mental health and well-being initiatives can help employees cope with stress and grievances in healthier ways.


Hidden Dangers Within

Warning Signs Ignored. The Silent Threat of Employee Disengagement

“The difficulties of life are intended to make us better, not bitter.”
– Unknown

Somewhere in Spain (fictional conversation)

CEO: “We’re a winery, not Fort Knox. Why overspend on security?”

Security Manager: “Imagine someone, say a disgruntled employee, decides to unplug our tanks. That’s our premium wine down the drain!”

CEO: “As likely as finding a wine bottle that doesn’t want to be opened. Let’s not pour money into ‘what-ifs’.”

Security Manager: “But—”

CEO: “No ‘buts’ unless it’s about wine barrels!”

Fast forward…

A vino vengeance unfolds as five tanks get unplugged in a blitz!

60,000 bottles of wine, valued at 90€ each, were lost.

The lesson of the day?

“Unlikely” doesn’t mean impossible. What is the cost of ignoring risks? A whopping 5.4 million € in fine wine.

(Story source:

What Is Employee Engagement?

Employee engagement goes beyond just doing work. It includes how much employees care about their jobs and the company. Their emotions, dedication, and enthusiasm show their engagement in their work and workplace.

Employee engagement affects about every element within an organisation, including:

  • Productivity
  • Profitability
  • Customer experience
  • Morale
  • Employee turnover
  • Team dynamics

It’s been shown that employees who feel connected to their organisation work harder, stay longer, and motivate others to do the same.

Additionally, research from Harvard Business Review (sponsored by Quantum Workplace) shows that 92% of business executives believe that engaged employees perform better, excelling in the success of their teams and the outcomes of their organisations (source:

Employee engagement does not mean employee “happiness”.

Employee happiness is distinct from employee engagement. Happiness focuses on individual well-being and contentment, influenced by various factors. In contrast, engagement goes further, involving a deeper commitment to organisational goals and active contribution to its success.

While happy employees experience positive emotions, engaged employees align with the company’s mission and actively work towards shared objectives, emphasising the importance of recognising and fostering both aspects in the workplace.

Employee engagement doesn’t mean “satisfaction”.

Employee satisfaction reflects contentment with job aspects, while engagement involves a deeper connection to the organisation’s mission and active commitment to its success.

Satisfied employees may find their work enjoyable, but engaged employees go further, actively contributing and striving to make a meaningful impact on the company’s goals.

Whose job is it?

An organisation’s responsibility for caring about employee engagement typically falls on leadership and management.

Leaders, managers, and human resources professionals are crucial in creating a work environment that fosters engagement.

This involves providing clear communication, offering development opportunities, recognising achievements, and addressing concerns.

While individual employees also contribute to their engagement, organisational leaders are instrumental in shaping the overall culture and conditions that influence how engaged employees feel.

Why is it important?

Employees make decisions and take actions that impact their workforce and organisation daily. How your organisation treats its employees and how employees treat each other can either positively influence their actions or pose risks to your organisation.

Gallup’s extensive research on employee engagement, which spans decades, reveals that engaged employees consistently yield better business outcomes than their counterparts, irrespective of industry, company size, nationality, or economic conditions.

Worryingly, only 23% of employees worldwide feel engaged (source:

Understanding Employee Disengagement

Disengagement refers to the act of withdrawing or becoming detached from something. It can have several meanings depending on the context:

  1. Emotional disengagement: This refers to a psychological state where an individual emotionally disconnects or distances themselves from a situation, relationship, or activity. It can involve suppressing or avoiding feelings and emotional involvement.
  2. Social disengagement: This refers to the process of withdrawing from social interactions, relationships, or activities. It may involve isolating oneself or reducing involvement in social circles or communities.
  3. Military/political disengagement: This term is used in military or political contexts to describe the process of withdrawing troops or forces from a particular area or conflict zone.
  4. Cognitive disengagement: This refers to the process of mentally distancing oneself from a task, situation, or experience. It can involve distracting oneself or avoiding fully engaging with something mentally or intellectually.

However, employee disengagement in the workplace refers to an employee’s lack of motivation, commitment, or emotional connection to their job or organisation.

Disengaged employees typically lack enthusiasm and commitment to their jobs, showing a deficiency in motivation and inspiration. Although they may adequately fulfil their job responsibilities, they are likely to avoid putting in additional effort to contribute to the organisation’s objectives.

Disengaged employees tend to exhibit the following characteristics:

  1. Lack of motivation: They feel unmotivated and uninspired to put in extra effort or go beyond their bare minimum.
  2. Low productivity: Disengaged employees often have lower productivity levels as they are not fully invested in their work.
  3. Lack of enthusiasm: They display little enthusiasm or passion for their job and the company’s mission and goals.
  4. Detachment: Disengaged employees feel emotionally detached from their work, colleagues, and the organisation as a whole.
  5. Absenteeism: They may have higher absenteeism rates or a tendency to miss work frequently.
  6. Negative attitudes: They may exhibit negative attitudes towards their work, colleagues, or the organisation and frequently complain or criticise.
  7. Low commitment: Disengaged employees are less committed to their jobs and the company and may be more likely to seek other job opportunities.

They are all a symptom of a “check-out” mentality.

According to the State of the Global Workplace 2023 Report by Gallup, actively disengaged employees make up 77% of the workforce (source:

As reported by Gallup, a 77% employee disengagement rate is alarmingly high and points to widespread and systemic issues in the workplace.

One of the primary reasons for disengagement is stress. Around 44% of employees worldwide said they experienced a lot of stress the previous day (source:

Employee stress rose in 2020, likely due to the pandemic. However, employee stress has been rising for over a decade.

There are many reasons why work might make employees feel stressed, such as:

  • Extended hours or a heavy workload
  • Inflexible deadlines
  • Conflict, bullying or sexual harassment in your workplace
  • Lack of support from your co-workers or manager
  • Lack of appreciation for your efforts
  • An environment that is too noisy, hot, cold, dusty or uncomfortable

Apart from stress, several other reasons can contribute to employee disengagement. Here are some key factors:

  1. Lack of recognition and appreciation: Employees who feel their efforts and contributions are not recognised or appreciated are more likely to disengage.
  2. Poor communication and feedback: Ineffective communication from management, lack of clear goals and expectations, and inadequate feedback on performance can leave employees feeling disconnected and disengaged.
  3. Limited career growth opportunities: Employees may become disengaged if they perceive limited opportunities for career advancement, skill development, or personal growth within the organisation.
  4. Inadequate compensation and benefits: Employees who feel underpaid or receive inadequate benefits compared to their peers or industry standards may become disengaged and seek better opportunities elsewhere.
  5. Lack of autonomy and empowerment: Micromanagement and a lack of trust from supervisors can lead to disengagement, as employees feel they have little control or autonomy over their work.
  6. Unfair treatment and discrimination: Perceived discrimination, favouritism, or unfair treatment based on gender, race, age, or personal beliefs can contribute to disengagement and resentment towards the organisation.
  7. Poor leadership and management: Incompetent, unsupportive, or unethical leadership can erode trust and respect, causing employees to become disengaged and unmotivated.
  8. Toxic work culture: A hostile work environment characterised by office politics, conflicts, or a lack of collaboration and teamwork can foster disengagement as employees become dissatisfied with the organisational culture.
  9. Organisational changes and uncertainty: Major organisational changes, restructuring, or mergers can create uncertainty and disrupt the work environment, leading to disengagement as employees feel insecure about their roles and future.

A cause for more significant concern is that among the 77% disengaged workforce, 18% are categorised as highly disengaged.

Highly disengaged employees have become completely detached and unmotivated in their roles and towards the organisation they work for.

These employees exhibit various behaviours and attitudes that can harm productivity, morale, and overall organisational success.

At some point, the trust between employee and employer was severely broken, or the employee was woefully mismatched to the role.

Risk Potential

Looking at the big picture, disengaged employees pose several risks to an organisation, namely:

  • Poor customer service: Disengaged employees are more likely to perform poorly, abruptly, and without empathy, resulting in poor customer service, dissatisfaction, and potential loss of reputation and business.
  • Negative impact on workplace culture: Disengaged employees can spread negativity and toxicity throughout the workplace, affecting team morale, collaboration, and overall organisational culture.
  • Increased turnover: Disengaged employees are more likely to seek employment elsewhere, leading to higher turnover rates, which can be costly for organisations regarding recruitment, training, and knowledge loss.
  • Negative impact on morale: Disengaged employees can have a detrimental effect on team morale and workplace culture. Their lack of enthusiasm or commitment may spread to others, leading to low morale and motivation among colleagues.
  • Security risks: Employees who are disengaged might pay less attention to cybersecurity protocols, policies, and procedures, consequently raising the risk of compromising sensitive information, experiencing cyber breaches, and encountering data breaches.
  • Safety risks: Disengaged employees may be less attentive to safety protocols and procedures, increasing the risk of accidents and injuries in the workplace.
  • Reputational damage: If disengaged employees express their dissatisfaction publicly or provide poor customer service, it can damage the organisation’s reputation and brand image.
  • Increased absenteeism and presenteeism: Disengaged employees may have higher rates of absenteeism or presenteeism (physically present but mentally disengaged), further impacting productivity and overall performance.
  • Increased workplace conflicts: Disengaged employees may be more prone to conflicts with colleagues or managers, creating a hostile work environment and disrupting team dynamics.
  • Increased employee turnover: Low morale can exacerbate disengagement and create a toxic work environment. Employees are more likely to seek opportunities elsewhere, leading to higher turnover rates.

The good news is that a few changes to how they are managed could turn them into productive team members.

The bad news is that highly disengaged employees can significantly harm the organisation if left untreated.

  1. Active spread of negativity: Rather than just being indifferent, highly disengaged employees can become “amenity negators”, actively trying to discourage others and spread their negative sentiments about the job and the organisation.
  2. Interpersonal conflicts: Highly disengaged workers are more likely to argue, be insubordinate to managers, or create hostile situations with colleagues, disrupting teamwork and morale.
  3. Toxic and hostile: Actively and highly disengaged employees will likely create a toxic and hostile work environment. They may engage in verbal abuse, harassment, bullying or other forms of disruptive behaviour, causing emotional distress and dissatisfaction among their peers. This toxicity can spread rapidly, eroding trust and collaboration within the team.
  4. Public defamation: In the age of social media, highly disengaged staff may vent their frustrations publicly and defame the organisation online, damaging its reputation significantly.
  5. Outright sabotage or theft: Extremely disengaged employees who feel resentful or vengeful toward the company may intentionally undermine operations, sabotage projects, share confidential information, or even steal property or funds.
  6. Severe safety risks: One of the significant risks posed by highly disengaged employees is the potential for threats and violence, directly impacting personal safety within the organisation. These individuals may exhibit hostile behaviour, aggression, or even deliberate acts of violence towards their colleagues, supervisors, or the organisation. Such instances can create a climate of fear and intimidation.
  7. Legal/compliance risks: Apathy toward rules, negligence, or even malicious intent from the highly disengaged can lead to costly regulatory penalties or lawsuits against the company.

Identification of Warning Signs

Interestingly, the journey at a new workplace begins with enthusiasm and energy.

Employees are excited and eager to showcase their capabilities, deliver their utmost, and cultivate a favourable perception among their colleagues.

However, forecasting which individuals might eventually disengage from their roles or pinpointing the precise moment of this shift remains difficult.

Gradually, an intangible chasm emerges, proving challenging to identify and bridge.

The following visual demonstrates the roadmap to highly disengaged employees.

Identifying Behaviour Signs

As employees progress through the stages of disengagement, some visible behavioural cues and patterns can serve as warning signs for managers and HR professionals to take notice.

Being attuned to these behaviours is crucial for early intervention before disengagement becomes entrenched. Some key behaviours to look out for include:

  1. Early signs of disengagement
    • Reduced motivation and effort
    • Withdrawal from activities
    • More frequent absences and tardiness
    • Decreased productivity
  2. Emotional disconnection
    • General apathy towards work
    • Negative attitude spreading to others
    • Neglecting responsibilities
  3. Psychological detachment
    • Feeling undervalued and unappreciated
    • Loss of trust in management and leadership
    • Questioning organisation values and direction
    • Actively looking for other jobs
  4. Counterproductive behaviours
    • Missing deadlines intentionally
    • Doing the bare minimum required
    • Discouraging participation and contribution
    • Increased conflicts with co-workers
  5. Open defiance
    • Insubordination towards managers
    • Sabotaging projects and initiatives
    • Spreading negativity about the company
    • Encouraging the resignation of others
    • Stealing business assets and time
  6. Actively disengaged
    • Undermining organisation reputation
    • Sharing confidential information
    • Intentional policy violations
  7. Malice and revenge
    • Leaking trade secrets
    • Property damage and theft
    • Hacking and data breaches
    • Inciting violence or walkouts
    • Sabotaging business operations

The Role of Organisation Culture

Organisational culture plays a pivotal role in influencing employee engagement and disengagement levels.

An organisation’s culture, encompassing its values, norms, practices, goals, mission and working environment, can foster engagement or fuel employee disengagement.

When an organisation’s culture aligns with its employees’ values and beliefs, it fosters a sense of belonging and purpose, leading to higher engagement.

However, the opposite is also true. If the culture contradicts employees’ values, it can create cognitive dissonance and disengagement.

The leadership style and behaviour of managers and executives significantly shape organisational culture. Supportive, transparent, and empowering leaders tend to cultivate a culture of trust, respect, and engagement, while authoritarian, micromanaging, or unethical leadership can breed a toxic culture that disengages employees.

Open and transparent communication from leadership and opportunities for employee feedback and input contribute to an engaging culture. In contrast, a lack of transparency and top-down communication can create a culture of distrust and disengagement.

Cultures that prioritise recognising and appreciating employee contributions foster a sense of value and motivation. Conversely, a culture that overlooks or undervalues employee efforts can lead to disengagement.

Organisations prioritising employee development, training, and career growth opportunities cultivate a culture of continuous learning and engagement, while stagnant cultures lacking growth prospects can disengage ambitious employees.

A culture that respects work-life balance and provides flexibility can enhance engagement. In contrast, a culture that demands excessive overtime or neglects personal well-being can lead to burnout and disengagement.

Cultures that encourage collaboration, teamwork, and open communication tend to be more engaging, while siloed, competitive, or political environments can breed disengagement.

Key Takeaway

“Hidden Dangers Within” reflects the unseen, unaddressed issues and risks that can lurk beneath an organisation’s surface before manifesting outwardly in damaging ways.

Employee disengagement is a perfect example of a hidden danger that an organisation misses.

Employee disengagement often begins quietly and invisibly before any outward signs are evident. It germinates underneath the surface through internal feelings and attitudes that can initially go unnoticed by management. Dissatisfaction, resentment, and apathy are all emotional disconnects from one’s work that start private and hidden away.

As disengagement takes root within employees, it perpetuates in subtle, insidious ways that are difficult to detect from the outside. Negative emotions fester, productivity wanes slightly, and enthusiasm dips, but these creeping effects can be excused or obscured amidst daily operations.

All the while, this unseen disengagement poses an increasingly dangerous threat from within. It chips away at morale and performance standards while providing fertile ground for policies, practices or management decisions that enable it to spread silently further through the workforce.

By the time obvious signs like insubordination, sabotage or turnover rates spike, the disengagement has already inflicted unseen damage. The once-hidden danger has invisibly infiltrated operations and metastasized across teams and departments unchecked.

Worse still, highly disengaged employees can become covert “agents” actively working against engagement and driving those dangers, intentionally negating productivity, drowning optimism, and withholding effort in unseen ways that exacerbate the problem.

Battling a widespread, advanced disengagement requires painful, drastic measures because the danger could hide in plain sight, fuelling itself from within until it blossomed into an existential cultural threat.

This ability of disengagement to clandestinely take root and do unseen damage from the inside out, sitting dormant until ubiquitous, is why it epitomises the idea of an organisation’s potentially most lethal “hidden danger within”.

Ultimately, organisations must cultivate a positive, supportive, and inclusive culture that aligns with their workforce’s values and needs. Addressing cultural issues that fuel disengagement and actively nurturing an engaging culture should be a strategic priority for organisations to retain and maximise the potential of their talent.


Insider Threats In Focus: Predictions For 2024


Predictions: few words can provoke such extreme human emotions, whether the subject is weather, politics, health, the stock market, or sports.

2023 was a rocky, uncertain, and emotional year: the continuing war between Ukraine and Russia, escalating conflict between Israel and the Palestinians, China’s spy balloon, record-breaking extreme weather, India surpassing China as the world’s most populous country, the coronation of King Charles III in the UK, and the adoption of artificial intelligence by the mainstream.

The future is a strange place, filled with fear and anxiety. We presume it will look like now apart from the different bits and pieces.

When it comes to Insider Threat predictions, what does 2024 hold for us?

Most of us agree that insider threats will either remain the same or worsen.

You can argue that it isn’t so much a prediction but more of a trend. In truth, you are right. In reality, things will only get worse. Let me tell you why.


In 2024, there will be significant changes to the insider threat landscape, with a few key predictions taking centre stage in order of importance.

1. AI Threat – The most significant is the advent of artificial intelligence-based attacks, representing a paradigm shift in insider threat issues.

2. Increased Economic Pressures – Financial hardships like rising inflation and cost-of-living crises create motives for employee fraud and data theft.

3. Rise In Insider Attacks – There will be a greater emphasis on outsiders attempting to target privileged users within organisations, whether they be rivals, foreign governments, or other entities.

4. Social And Geopolitical Pressures – Increased cyber activity targeting elections and critical infrastructure due to tensions between nations is a high possibility.

5. Rise Of Data Privacy Concerns – With increasing regulations, organisations face additional pressure to protect sensitive personal data. Insider threats can lead to significant data breaches and compliance violations.

6. Hybrid Workforce Persists – The hybrid workforce is expected to continue, driven by employee demands and cost flexibility for employers, and will continue to pose challenges for managing insider risks.

People may think they are somehow immune to a business breach. They may trust their security controls, thinking they have amazing impenetrable defences. They may put their trust in “flying under the radar” or believe they are too small to have a breach. But this thinking assumes breaches come from the outside, from bad actors external to the organisation. What they fail to take into account is the risk of an insider breach.

Ready or not, this is what is most likely to happen in 2024. And the main thing is to “keep calm and don’t panic”.

Prediction #1

AI Emergence As An Insider Threat

It’s been a while since IBM Big Blue defeated renowned Garry Kasparov in a chess battle. That was back in 1997, some twenty-seven years ago.

In February 2011, IBM’s Watson DeepQA computer made history by defeating the two foremost all-time champions of the TV quiz show Jeopardy!

In March 2016, the strongest Go player in the world lost to Google’s DeepMind AlphaGo.

While the closely watched Jeopardy and Go competitions showed how computers powered by machine learning and artificial intelligence can outperform humans and benefit society, concerns have also arisen about the technology’s darker side.

The fantastic adoption of AI has been both astonishing and a dark cloud.

AI has transformed how firms run by automating repetitive operations and empowering data-driven decision-making.

However, even as we employ AI to improve business processes, streamline operations and enhance decision-making, we must also consider how it may contribute to cyber and insider threats.

One reason cybercrime has rapidly accelerated is the lower barrier to entry for malicious actors.

Cybercriminals have evolved their business models, offering subscription services and starter kits. The use of large language models like ChatGPT to write malicious code also highlights the potential cybersecurity challenges.

Because of these threats, all business leaders in today’s digital world must know about AI’s developments in cybersecurity.

On the other hand, AI is also becoming an essential tool in the fight against cybercrime.

The question is, will AI change the insider threat landscape?

Yes, that is the simple answer. AI can and will change the insider threat landscape in both positive and negative ways.

Detection And Prevention

  • Positive impact: AI can enhance the detection capabilities of organisations by analysing vast amounts of data to identify patterns and anomalies.
  • Negative impact: Sophisticated attackers may leverage AI to develop more sophisticated and evasive attacks, making it challenging for traditional security measures to keep up.

Behavioural Analysis

  • Positive impact: AI-driven behavioural analytics can help organisations understand typical user behaviour and identify deviations that may suggest malicious intent.
  • Negative impact: Misinterpretation of behavioural data or false positives may lead to unnecessary suspicion or false accusations against employees.

Automation Of Attacks

  • Positive impact: AI can automate the detection and response to insider threats, enabling faster reaction times and reducing the potential damage caused by malicious insiders.
  • Negative impact: Malicious insiders may also use AI to automate attacks, making them more efficient and challenging to detect.

Data Protection

  • Positive impact: AI can assist in encrypting and protecting sensitive data, making it more challenging for insiders to access or exfiltrate critical information.
  • Negative impact: Poorly implemented or insecure data handling practices within AI applications may inadvertently expose sensitive data. Furthermore, malicious insiders may intentionally exploit AI systems to leak sensitive information.

Insider Collaboration

  • Positive impact: Organisations can proactively monitor and detect insider collaboration with AI, enhancing their ability to prevent and respond to sophisticated attacks.
  • Negative impact: Insiders may use AI tools to augment their malicious activities, making it more challenging for security systems to discern between legitimate and nefarious actions.

Privacy Concerns

  • Positive impact: Organisations can implement ethical AI practices and privacy-preserving technologies to balance security measures with employee privacy, addressing concerns and complying with regulations.
  • Negative impact: Poorly implemented AI monitoring may infringe on employee privacy, leading to legal and ethical challenges and potentially damaging the trust between employees and the organisation.

What Is The Short-Term Outlook?

Sure, AI is being used to amplify the capability of bad actors by developing more sophisticated malware and facilitating cyberattacks from systems like FraudGPT.

AI can be increasingly used for social engineering attacks, such as automated spear phishing and convincing interactions with victims using email, voice, and text communications.

In reality, it will be a while before AI can think independently and decide between good and bad. It will be some time in the future when it can act like a “human” and become a true insider.

Prediction #2

Increased Economic Pressures

Today’s organisational behaviour scenario is as dynamic as the environments in which organisations function. It’s a blend of trials and triumphs, where the key lies in using the right approach to minimise the trials and optimise the triumphs.

One of the main challenges and opportunities facing organisations is the increasing economic pressure.

Economic pressure has been rising globally due to several key measures such as the slowdown of GDP growth (like in China), rising unemployment, declining consumer spending due to price increases that we have seen in the Western world, reduced business spending and confidence, political unrest, conflict in parts of the world and the global deterioration in trust.

In today’s global economy, trust is king. Trust is the social underpinning of social behaviour and social reality. When mistrust and suspicion grow, it becomes even more difficult to transact, and costs, therefore, increase, as can be noted in the following equation (source: The Speed of Trust by Stephen M.R. Covey)

What are the consequences of economic pressure on organisations, therefore?

Economic downturns can profoundly impact organisations, extending beyond the immediate financial challenges.

Increasing economic pressure on organisations can have notable consequences, potentially heightening the risk of insider threats.

Job insecurity stemming from layoffs or hiring freezes may lead disgruntled employees to engage in malicious activities, exploiting their access to sensitive information.

Financial strain, salary freezes, and benefit reductions can foster discontent, making employees susceptible to engaging in insider threats for personal gain or retaliation.

Increased workloads due to downsizing can contribute to burnout, affecting judgment and potentially leading to security lapses.

Communication challenges and a lack of transparency during economic downturns may create an environment where employees feel disconnected or undervalued, increasing the likelihood of insider threats as individuals may perceive a diminished commitment to their well-being.

Organisational and employee stress intensifies due to factors such as job insecurity stemming from layoffs and downsizing, increased workloads due to reduced staffing, and financial strain caused by salary freezes and benefit cuts.

Overall, economic pressure can amplify internal vulnerabilities, necessitating proactive measures to mitigate insider threats and maintain organisational security.

The increased economic pressure will certainly have a cascading effect, as depicted in the above diagram.

Prediction #3

Rise In Insider Attacks

Insider threats represent a significant and evolving challenge for organisations.

According to IBM, the X-Force Threat Intelligence Index 2023 reported a 13% increase in insider threats year-over-year.

Another report from Bridwell shows that around 77% of organisations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyber threats in the last three years.

A further report, the 2023 Insider Threat Report from GURUCUL, revealed that 74% of organisations say insider attacks have become more frequent.

The latest Verizon 2023 Data Breach Investigation Report found that insider threats accounted for 22% of all data breaches.

These studies suggest that there is a growing problem for organisations of all sizes.

Cause Of Growth

A number of factors in the changing landscape may explain this rising threat. However, there’s no single cause for the rise of insider attacks, but rather a complex mix of factors contributing to this trend. Here are some key points to consider:

Increased Temptation – The explosion of sensitive data stored electronically has become a double-edged sword, creating both immense value and significant vulnerability. This treasure trove of information, from financial records to intellectual property, attracts competitors, malicious actors and nation-state sponsors.

The ease of copying and transferring electronic data compared to physical records lowers the barrier to entry for attackers, even those with limited technical skills.

Furthermore, the sheer volume of data collected often leads to sprawl, creating blind spots and increasing the attack surface. This combination of temptation, opportunity, and ease of execution fuels the rise of insider attacks.

Increased Accessibility – Increased accessibility fuels the rise of insider threats. This accessibility stems from remote work, broader employee roles, and data sprawl, creating multiple entry points for malicious actors. The ease of copying and transferring electronic data compared to physical records further simplifies potential attacks, even for those with limited technical expertise.

Increased Sophistication Of Bad Actors – Gone are the days of basic malware and phishing attempts.

Today’s attackers wield various advanced tools and techniques, from social engineering that manipulates employees into granting access, to custom malware designed to evade detection. They exploit software vulnerabilities, collaborate through Cybercrime-as-a-Service (CaaS) platforms, and even form insider networks to orchestrate targeted attacks.

Attackers now target organisations for espionage, disruption, or reputational damage. Hacktivist groups with ideological agendas and nation-state actors pursuing strategic goals increasingly employ insider tactics. This diversity of motivations and the potential for broader impact raise organisational stakes.

Increased Targeting Of Insiders Within Critical Infrastructure – Attacks on critical infrastructure have become more frequent and severe.

While critical infrastructure’s high value attracts attacks, it also makes its insiders highly prized targets. Malicious actors increasingly recruit, coerce, or bribe insiders to gain access to these systems. These insiders, with legitimate authorisation and knowledge of security protocols, pose a unique and dangerous threat. They can bypass traditional security measures and inflict more significant damage than external attackers alone.

The question is, will 2024 be any different?

Based on the reports and the reasons we have mentioned, it’s difficult to predict whether 2024 will see even worse insider threat attacks than 2023.

However, the evidence and other trends suggest that we should be prepared for the continued rise of insider threats in 2024.

Prediction #4

Social And Geopolitical Pressures

The relentless flow of news stories is centred chiefly around cyberattacks, hacks, and breaches. Criminals and hackers don’t seem to take a rest and are always ready to breach the organisations’ defences.

The cyber threats to an organisation can be overwhelming, and it can be easy to become distracted by the latest vulnerability or breach.

The daily news reminds us that the world is becoming a very uncertain and dangerous place.

Geopolitical threats from hostile foreign powers extend beyond government and military targets as disinformation and disruption have become tactics across business and society.

If you think about it on a basic level, there is no more significant threat than uncertainty.

You may be uncertain whether you are a target, but at least you know that a committed bad actor will look for all vulnerable doors into your business, including your people. That’s a certainty.

You may be uncertain whether an outsider has recruited any of your employees for corporate espionage activities. Still, at least you know for certain that such activities could significantly harm your organisation.

You may be uncertain, not knowing what geopolitical event will occur, but you do know that it may impact your organisation significantly.

State-Sponsored Attacks

Businesses and their infrastructure are getting swept up in international affairs at a rapidly increasing rate.

We see competition or animosity between nation-states playing out via the theatre of cyberwar.

Nation-states increasingly utilise insider threats as a key tactic in their cyberattacks.

This involves recruiting individuals with authorised access to infiltrate organisations and steal sensitive data, disrupt critical infrastructure, or facilitate further compromise.

These attacks have a high chance of success and are challenging to attribute because they exploit insiders’ knowledge and bypass external security measures.

Recruitment methods include targeting disgruntled employees, exploiting personal vulnerabilities, or utilising pre-existing networks.

Once recruited, insiders can steal data, sabotage systems, create backdoors, or grant access to external attackers.

According to an article published by Reuters in late 2023, state-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure and businesses.

What evidence do we see?

  • According to Tom Burt, corporate VP of customer security & trust at Microsoft, there has been a “disturbing” increase in aggressive nation-state cyber activity in the past year. This is based on their 2022 Microsoft Digital Defence report.
  • An article published by Reuters in late 2023 indicated that there has been a rise in sponsored groups targeting critical infrastructure in Australia. (source:

Corporate And Economic Espionage

The globe has become a moving chessboard where each nation pulls and pushes strings in the background. Some countries are striving for dominance. Some countries are fighting for survival.

2024 will see trade wars, escalating tensions, and rising economic instability.

This complex geopolitical game spills over into the corporate world, fuelling a rise in corporate espionage. Companies become pawns where their secrets are wanted, like winning strategies.

What signs do we see of increasing espionage?

  • The domestic intelligence chiefs of the Five Eyes alliance (the Australian Security Intelligence Organisation (ASIO), the Canadian Security Intelligence Service (CSIS), the Federal Bureau of Investigation (FBI), and the New Zealand Security Intelligence Service (NZSIS)) warned businesses in October 2023 that they were seeing a “sharp rise” in attempts by hostile states to steal intellectual property.
  • ASIO warning Australian citizens of foreign interference, espionage and terrorism. (Source:

Social Risks

Geopolitical risk is not only about high-profile international events, conflicts, or shifts. It refers to the potential for societal harm caused by various factors interacting on a global scale. These risks can manifest in diverse ways, impacting individuals, communities, and entire nations.

Social risks and insider threats are intricately linked in the complex tapestry of geopolitics. They feed off each other, creating a vicious cycle with devastating consequences. Here’s how:

Disinformation and propaganda: The manipulation of information can create fertile ground for insider threats. Imagine an employee exposed to constant narratives demonising a specific group. This individual, already grappling with personal frustrations or economic hardships, might become vulnerable to radicalisation. State actors or extremist groups can exploit this vulnerability, recruiting them to commit insider acts as a twisted form of “patriotism” or revenge.

Cybersecurity threats: Imagine disgruntled employees manipulated by online disinformation campaigns questioning their company’s ethics or involvement in international conflicts. The erosion of trust can lead them to leak sensitive data or sabotage systems, believing they are exposing wrongdoing.

Mass displacement and migration: Imagine an individual fleeing conflict or persecution, harbouring deep resentment towards their former government. Their desperation and lack of loyalty could be exploited if offered employment with access to critical infrastructure or sensitive information. This individual becomes a potential insider threat, susceptible to coercion or bribery to engage in espionage or sabotage against their former nation.

Erosion of human rights and freedoms: When governments crack down on dissent, they inadvertently push potential whistleblowers into the shadows. Imagine a scientist witnessing unethical practices within a military program. Unable to voice their concerns through official channels due to fear of repression, they might resort to leaking classified information anonymously, becoming an insider threat driven by a desire for justice and accountability.

Are we seeing evidence of an increase in social risks?

There is plenty of evidence of significant trends that point towards an evolving and concerning landscape. For example:

  • Social media platforms like Facebook and Twitter have faced ongoing criticism for their inability to effectively curb the spread of harmful content, including hate speech and propaganda.
  • Studies by RAND Corporation and Oxford University show a surge in manipulated media content and coordinated disinformation campaigns online, often linked to specific geopolitical agendas.
  • Reports by the World Economic Forum and the Global Cyber Security Index highlight a steady rise in cyberattacks, with nation-states increasingly targeting critical infrastructure and sensitive data.
  • The United Nations High Commissioner for Refugees reports that 117.2 million people were forcibly displaced worldwide as of the end of 2023.

Prediction #5

Rise Of Data Privacy Concerns

It should come as no surprise that one of the day’s main issues is data privacy.

Our world has become increasingly data-driven, and digital platforms have revolutionised the way we work, play, and interact with one another.

However, this concerning development has forced us to share information online, continuously expanding our digital data portfolio and increasing the likelihood of its misuse.

Since GDPR came into effect in 2018 in Europe, more and more countries have followed suit. The shift toward consumer data protection across the globe has resulted in OAIC (Australia), CCPA (California), LGPD (Brazil), PIPL (China) and POPIA (South Africa), among others.

When it comes to data privacy, a lot is at stake.

It’s not surprising, therefore, that we can expect to see even more data privacy laws being adopted. This is due to several factors, including:

  1. The growing application of new technologies, including big data and artificial intelligence. Large volumes of personal data can be gathered and processed by these technologies, and the resulting information can be used to alter people’s behaviour, follow their activities, and draw conclusions about their personal lives.
  2. The increasing recognition of the importance of personal data. Organisations are becoming more conscious of the fact that they can benefit from the collection and sale of personal data to outside parties. Concerns about improper use of personal data and demands for more robust privacy protections have resulted.
  3. The fragility of personal data is highlighted by the rising frequency of well-publicized data breaches (like the Medicare and Optus breach in Australia). These hacks have damaged the public’s confidence in governments and corporations, and it is now evident that more has to be done to protect personal information.

How will the increase in data privacy concerns affect insider risk management?

When it comes to insider risk management, the growing number of concerns around data protection is a double-edged sword.

While it raises awareness and potentially fuels investment in Insider Risk Management Programs, it also introduces new complexities and challenges that require adaptation. Here’s a breakdown of both sides:

Negative Impacts

  • Limited capability made worse: Increasing data privacy governance presents an additional complex set of challenges for organisations already challenged with managing insider risks.
  • Data breach amplified: Increasing data privacy governance could allow insiders with malicious intent to take advantage of the situation to cause harm to the organisation, knowing full well the increasing severity of regulatory sanctions that are levied on organisations when they experience a data breach.
  • Intrusive monitoring: Increasing data privacy governance could add another layer of intrusiveness by implementing further monitoring measures to detect insider threats. This can raise privacy concerns for employees, potentially creating a feeling of being spied on. In addition, it can erode trust and morale, hindering productivity and collaboration.
  • Financial and operational losses: Insider incidents can lead to data breaches and leaks, causing more significant financial losses due to fines, lawsuits, reputational damage, lost business opportunities and increasing regulatory penalties.

Positive Impacts

  • Increased awareness and investment: Data privacy breaches often grab headlines, making organisations and the public more aware of the potential dangers posed by insider threats. This heightened awareness can increase investment in Insider Risk Management Programs, resources, and technologies.
  • Focus on Data Governance: Stringent data privacy regulations often demand robust data governance frameworks to effectively classify and protect sensitive information. Aligning Insider Risk Management Programs and data governance goals can improve data security overall.
  • Proactive approach: Data privacy concerns emphasise preventing data breaches rather than simply reacting to them. This can drive Insider Risk Management Programs towards a more proactive approach, focusing on employee training, threat detection, and vulnerability management.

It’s critical to make clear that there is more going on here than just a straightforward cause-and-effect link between insider threats and data privacy problems.

While it’s true that growing privacy concerns may give rise to some circumstances that could increase the likelihood of insider threats, an increase in insider threats could also lead to an escalation in privacy governance.

Prediction #6

Hybrid Workforce Persists

Working in the office can sometimes feel like being in a fishbowl with employees swimming around in circles, waiting to be fed their next assignment.

The COVID-19 pandemic has catalysed workplace change, forcing employers to adapt to remote work and re-evaluate their traditional office-based models.

Needless to say, this created a state of anxiety, apprehension and high alert. The perception and awareness of doing business as usual ran out of the door.

Emotions were running high. Stress swelled. Fear was in everyone’s mind.

Such an environment will most likely lead to insiders making mistakes, losing sensitive information, and potentially damaging critical assets, intentionally or accidentally.

In times of severe stress, human beings will revert to the most fundamental instinct—“survival”, and consequently, logical thoughts will be thrown out of the window.

People are an organisation’s most important asset, but people are also human.

A large proportion of the global workforce operating outside the office has created new problems. The increased reliance on cloud systems, coupled with potential financial pressure, job insecurity, unfamiliar circumstances, and the general anxiety of a global pandemic, have created a perfect storm.

According to the Ponemon Report, 2022 saw a 34% increase in insider threat incidents. (source:

Will The Hybrid Workforce Continue?

Focus on the pandemic may be receding, but the hybrid work model appears to have staying power.

According to the Littler Mendelson PC report, over 70% of US employers embrace hybrid work models. (source:

Despite economic uncertainty and layoffs at major organisations, only 20% of respondents believe in returning to a more in-person work environment.

While the hybrid work model offers many benefits for both employees and employers, it also increases the opportunity for insider threats.

  • Blurred lines: Physical and digital boundaries between work and personal life can blur in a remote setting, making monitoring data access and activity harder. This can create opportunities for individuals to engage in unauthorised activities without immediate detection.
  • Reduced visibility: Monitoring network activity and data access are more complex when employees are not physically present in the office, making it harder to identify suspicious behaviour in real time.
  • Poor data management: In many cases, employees accidentally violate security regulations and download sensitive corporate data onto their unsecured devices, placing the data outside their organisation’s control and creating regulatory risk.
  • Poor cyber hygiene: Employees working from home, probably using their own computers as work devices and without the cyber hygiene they were accustomed to in the office, pose a greater risk to the organisation.
  • More opportunities to abuse organisation assets: Outside of the watchful eye of the security and IT teams, malicious insiders have more opportunities to create trouble. They can steal data, share it with hacker groups, engage in espionage, or practice insider trading. For example, another new threat that has emerged in the last two years is cybercriminals and state-sponsored groups offering insiders money to help breach the company network.

How Will You Prepare For 2024?

“Success is where preparation and opportunity meet”. This statement beautifully embodies the delicate balance between being ready and seizing the right moment.

In the world of protecting an organisation’s critical assets, success comes from being ready and spotting trouble at first sign.

Preparation and opportunity can be defined in the following:

  • Secure: Being secure means investing in cost-justified security controls to protect the organisation’s most important assets.
  • Vigilance: Being vigilant means putting greater effort into gaining visibility of, and insight into, threats that could harm these critical assets.
  • Resilience: Resilience means seeking to respond more effectively when an organisation’s businesses or systems have been disturbed and returning to normal operations as quickly as possible.

The insider threat problem presents different challenges to organisations attempting to go beyond information technology management and establish a robust risk management program.

If you are a cyber risk manager struggling to manage risks from insiders, then you are not alone.

Insider threat is not a technology problem. Insider activity, especially when it is malicious, moves along a continuum from idea to action. Such employees will find ways to evade security controls, making themselves much harder to detect.

If you are a C-level executive or a board member and struggle with overcoming risk-spot blindness, then you are not alone.

Insider threats are not just about the immediate damage they can inflict but also about the broader cascading effect on the organisation’s reputation, finances, competitive edge, and long-term stability.

The challenge lies in proactively preparing a culture of trust, vigilance, and security awareness while implementing robust security measures to prevent, detect, deter and mitigate insider threats before they materialise.

Toxic Behaviour

Do You Have A Toxic Disengaged Employee In The Workplace?

Imagine a silent plague infecting your workplace: employees who walk through the door daily but leave their enthusiasm and productivity at home.

They’re not loud or disruptive, just toxically disengaged – ghosts drifting through cubicles, draining the lifeblood from your team.

This video dissects this insidious threat, peeling back the layers of apathy and low morale to reveal the hidden costs.

Are you ready to diagnose and cure the epidemic of toxic disengagement? Click play, and let’s revive your workforce, one spark at a time.

This is your opportunity to gain FREE access to the insights and guidance of a veteran in cyber defence

Toxic Behaviour

Do You Have A Toxic Mistrust Employee In Your Workplace?

Imagine this: the foundation of your life, every relationship, every belief, built on quicksand.

That’s toxic mistrust, a corrosive creep that eats away at the very fabric of our existence.

It’s not just harmless scepticism. It’s a paranoia-laced cocktail of doubt, suspicion, and cynicism that poisons everything it touches.

In this video, we’ll crack open the vault of distrust, exploring its shadowy origins, from personal betrayals to organisational rupture.

Click play, and let’s embark on a journey through the tangled web of toxic mistrust. You might just find the key to unlocking a healthier, more connected future.

Toxic Behaviour

Do You Have A Toxic Complainer In Your Workplace?

Have you ever wondered why some complaints breed solutions while others only spread dissatisfaction?

In this video, we’ll dissect the psychology of the chronic moaner, unravelling the science behind their perpetual frown.

We will explore why their pessimism is contagious, how it saps the joy from those around them, and understand its impact on team dynamics.

So, buckle up, grab your virtual earplugs, and prepare to dive into the murky world of toxic complaining.

You might just be surprised by what lurks beneath the surface… Are you ready for some uncomfortable truths? Click play, and let’s get grumpy!


Rising Risk: The Escalating Menace Of Insider Threats In Small To Medium-Sized Businesses

When considering insider threats, the familiar mental image often involves an undercover operative or a double agent with a singular objective: the covert extraction of sensitive information from large and technologically advanced corporations. The portrayal of such scenarios in James Bond films effectively establishes the backdrop for this perception.

However, insider threats are much more widespread than many people realise.

While we may think that large organisations are the perfect target for such scenarios, small to medium-sized businesses (SMEs) also suffer the consequences of a breach of trust.

In fact, insider threats pose a serious risk in any business environment, but they can be disastrous for SMEs.

Take the Example of the Largest Municipal Fraud in American History

What happened?

Rita Crundwell stole over $53 million of public funds across two decades in office as the City Comptroller and Treasurer for Dixon, Illinois, a town with a population of just 16,000.

She used the funds to build one of the nation’s leading quarter horse breeding empires and threw lavish parties for community leaders at her home, all while the town endured cuts to public staff, emergency services budgets, and work on maintaining public infrastructure.

In 2012, after a close colleague turned whistleblower finally uncovered her scheme and alerted the Mayor, the FBI arrested Crundwell as the largest municipal fraud perpetrator in American history.


  • How did Rita Crundwell steal over $37,000 daily from a town with an annual budget of around $6 million?
  • How could such embezzlement go undetected in annual audits by two independent accounting firms and in annual audit reviews by state regulators?
  • How did local residents not become suspicious of Crundwell’s extravagant wealth and frivolous spending?

Feature film

This story has been turned into a feature film called “All the Queen’s Horses”, which tells the story of Rita Crundwell, the perpetrator of the largest case of municipal fraud in American history.

When business owners focus on safeguarding their enterprises, the primary emphasis is frequently placed on countering cybersecurity threats.

Cyberattacks like phishing, social engineering, malware and other direct cyber assaults aimed at compromising the integrity of business computer systems are a vital concern.

However, not all threats originate from outside your organisation. Insider threats are a real security risk, and there are many types that you should be aware of if you want to ensure your business is protected.

This article will examine why SMEs must proactively identify hidden dangers to their business.

What Are Insider Threats?

To start with, let’s define insider threats.

An insider is anyone who has or had authorised access to your business assets. This insider can be your employee, a contractor, a trusted third party, a partner, a vendor, or even a former employee.

Insider threat can be defined as the potential for an individual who has or had authorised access to an organisation’s assets to use their access, either maliciously or unintentionally, to act in a way that could cause harm to the organisation’s assets.

Types Of Insider Threats

Insider threats can be broken into two groups: malicious and non-malicious.

What makes them different is intention: whether there is a motive to cause harm.

  • Malicious threats are people who intend to cause harm and negatively affect their organisations.
  • Non-malicious (accidental) threats are people who, through their actions, unknowingly (without intention) cause harm.

Malicious Insider Threats

The principal goals of malicious insider threats include espionage, fraud, intellectual property theft, sabotage and misuse of information. They intentionally abuse their privileged access to steal information or degrade systems for financial, personal and/or malicious reasons.

What motivates people to intentionally cause harm to their organisation? The most simplistic explanation that the community tends to talk about is “MICE”, which can be explained as follows:

  1. M for Money: This refers to individuals motivated by financial gain. Insider threats driven by the desire for monetary rewards may involve theft, fraud, or the unauthorised sale of sensitive information.
  2. I for Ideology: Individuals motivated by ideology are guided by strong beliefs or convictions. Insider threats in this category may arise when employees align themselves with a particular ideology or cause that conflicts with the organisation’s interests.
  3. C for Coercion: Coercion involves using force, threats, or other pressure to compel individuals to act against their will. Insiders may become threats if they are coerced into compromising the organisation’s security.
  4. E for Ego: Ego-driven motivations involve individuals seeking recognition, status, or personal satisfaction. Insider threats with ego motivations may manifest as employees who attempt to prove their capabilities, challenge the system, or seek revenge for perceived slights.

Non-malicious Threats

Although “malicious insider threats” tend to be the subject of newsworthy media stories, most insider incidents are caused accidentally through carelessness, negligence, or ignorant actions.

  • Negligence refers to those who do not take reasonable care or fulfil a duty of care. Such people may disregard safety protocols or rush through their jobs without reasonable care, which can harm themselves or their organisation. For example, someone who clicks on a link or opens a malicious attachment.
  • Carelessness refers to a lack of attention that results in mistakes or accidents. For example, someone who may leave sensitive information lying around.
  • Ignorance refers to someone making poor decisions and failing to follow the rules or guidelines due to a lack of knowledge or awareness about a particular situation.

Common Examples of Unintentional Insider Threats:

  • Clicking on malicious phishing links
  • Opening up malicious attachments
  • Falling for social engineering attacks
  • Sending confidential data to the wrong recipient
  • Ignoring security policies
  • Oversharing personal and confidential information on social media
  • Careless use of USB drives
  • Using easily guessable passwords

What Are The Most Significant Insider Threats Facing SMEs?

While I have outlined the different types of insider threats above, here are some of the more troubling threats that SMEs need to be aware of.

Workplace Embezzlement

Embezzlement is the misuse or theft of company funds or company property. Embezzlement occurs when funds or resources from a business are misused for personal gain.

There are a variety of ways that an employee or business owner can steal or misappropriate resources. Here are some of them:

  • Stealing money from cash registers – Employees may void the transaction and keep the money for themselves
  • Cashing customer checks – Employee sets up a bank account similar to the company’s and then cashes customer checks
  • Overbilling customers – Employee may charge customers more than the company’s rate and pocket the difference
  • Forging payments – Employees writing company checks to themselves
  • Faking vendor payments – Employee sets up a fake vendor account and sends that money to themselves
  • Stealing customer credit card details – Employee uses customer card to buy goods and services for themselves
  • Stealing cash – Taking small amounts of money and hoping no one notices.
  • Stealing office supplies – Stealing the company’s assets and taking them home
  • Stealing tax funds / returns – Employees responsible for tax payments may keep that money.
  • Using company resources to start/run their business – Employee uses company time, equipment, or funds to start their own business without the company’s knowledge
  • Creating ghost employees – Employees who control payroll may set up fake employees on the system and pay these false employees into accounts that they themselves own.

Employee embezzlement can have significant and wide-ranging impacts on an organisation. Some of the critical consequences include:

  • Financial loss
  • Erosion of trust
  • Reputation damage
  • Operational disruptions
  • Legal consequences
  • Loss of productivity
  • Employee morale
  • Increased security measures
  • Long-term effects

The following is a real story of how an IT manager defrauded the organisation for which he worked.

Example: IT Manager Defrauded $1.7 Million from a TAFE in Western Sydney

What happened?

Ronald Cordoba was acting manager of information and communications technology services at the TAFE NSW South Western Sydney Institute.

He admitted using his position as ICT manager at the TAFE to sign off on $1.7 million worth of invoices from a company he had set up called ITD Pty Ltd.

For example, he charged the TAFE $150,000 for two years’ worth of Dropbox enterprise licenses, which he had bought from Dropbox for a little over $70,000.

He conducted email exchanges between himself and a fake ITD account manager called ‘Alicia’, copying in colleagues to maintain the semblance of a legitimate third-party provider.

He also admitted to buying dozens of products that the TAFE never received.

The above example clearly demonstrates the interconnectedness of the physical, cyber and human worlds. No amount of cybersecurity tools would have stopped this crime from taking place.

Workplace Theft

At first glance, “employee theft” might evoke images of a staff member discreetly leaving with office supplies like pens or a stack of paper. However, upon closer inspection, it becomes clear that this issue extends beyond physical items. Employee theft manifests in diverse forms and complexities, from the misuse of company time for personal activities to more intricate forms of dishonesty.

  • Time theft – Using company time to conduct personal businesses or simply not working while on the clock
  • Data theft – Stealing company intellectual property and other company data, including sensitive or confidential information
  • Financial theft – Stealing company funds, including diversion of funds or payments before they get recorded by the company
  • Customer theft – Pocketing payments from customers without recording the transaction
  • Identity theft – Using a colleague’s personal information for identity theft or fraud
  • Software theft – Stealing organisation software and licenses for personal use or to sell
  • Hardware theft – Taking organisation hardware for personal use or to sell
  • Inventory theft – Taking the company’s equipment, tools or inventory for personal use or sale.
  • Services theft – When an employee uses a service for personal gain without permission from their company

Workplace theft can significantly impact an organisation’s financial health, reputation, and overall functioning, similar to workplace embezzlement.

Here are some statistics that you should know:

  • 34% of fraud cases in small businesses are internal/employee-related (Verizon Report – Very Small Business Cybercrime Protection Sheet)
  • 22% of small business owners have had employees steal from them (
  • 88% of employee theft cases include attempts to hide the fraud (Association of Certified Fraud Examiners: Occupational Fraud 2022)
  • Small businesses are more likely to deal with check and payment tampering and skimming than other businesses (ACFE)

What Can You Do To Mitigate The Risk?

While large enterprises have taken considerable measures to combat insider threats through an insider threat program (through prevention, detection, deterrence and response measures), small and medium-sized businesses have been left vulnerable due to their lack of financial and IT resources and internal expertise.

While it’s essential to understand how devastating insider threats can be, there is a way to reduce the risk for your organisation.

Some Essential Points

  1. Insider threat is a business problem, not a technology problem. You are dealing with people’s beliefs, values, emotions, habits and needs that change dynamically over time.
  2. It is essential to realise that every organisation is unique, and the type of threats it faces will be different due to the type of assets it holds and the strategies it tries to execute.
  3. Protecting everything is a useless goal. While perhaps it’s not impossible, it is economically impractical and will likely impede important business initiatives.

Concept Of The Three-legged Chair

The three-legged principle works as follows: it takes only three principles working together to protect yourself, your family or your organisation from insider threats. If one of the three legs is missing or broken, the stool will not support you.

  1. You must accurately judge trust.
    • Begin with the hiring process – Companies should verify a candidate’s character, capabilities and skill set with thorough background checks.
    • Establish clear security policies – Establish and enforce organisation cybersecurity policies. So much of the employee conduct will be guided by what the organisation considers safe and acceptable use.
    • Nurture cyber awareness within the organisation – Create a cyber and insider threat awareness culture. Staff should undergo regular training so that they have the confidence to identify both external cybersecurity threats and internal risks that could potentially harm the organisation. People cannot protect themselves or the business from risks they aren’t aware of.
    • Have strict offboarding procedures – Since many malicious insider threats originate with former employees, it is critical to take fast action to terminate employee accounts and access as soon as an individual leaves the company. This should significantly reduce any risk imposed by disgruntled or departed employees.
  2. You must accurately judge access
    • Know your critical assets – Inventorying your assets is crucial for implementing the required security controls and policy measures to protect them.
    • Enforce strict access controls on what people can do – Organisations should use stringent password and account management policies and practices to prevent insiders from compromising user accounts.
    • Enforce separation of duties – Separation of duties requires dividing functions among multiple people to limit the possibility that one workforce member could steal information or commit fraud.
  3. You must be vigilant.
    • Anticipate and manage risky behaviour – Ensure clear and consistent communication with your workforce about acceptable workplace behaviour to avoid any unexpected negative situations.
    • Pay attention to possible insider threat indicators – One of the most effective ways to reduce the risk of insider attacks is to monitor employee behaviour for known threat indicators, for example, behaviour that has changed somewhat from an employee’s everyday activities.
    • Maintain good cybersecurity hygiene – Practising strong cyber hygiene goes a long way towards protecting your business from insider threats and deterring would-be bad actors in the first place.


Damage and the risk of damage from trusted insiders are not new for small to medium-sized businesses. There are plenty of stories of incidents, both malicious and unintentional, that have caused damage and sorrow.

A common misconception among SMEs is the idea of security through obscurity: that your business is too small to be a target. Unfortunately, this is not the case.

SMEs hold valuable assets and are a much easier target given that they have less stringent technological defences, less awareness of threats and less time and resources to protect themselves effectively.

The impact of security breaches on SMEs is more substantial than for larger organisations. The costs to the business are proportionately higher. Lost customers. Lost brand confidence. Lost proprietary IP. Lost vendor relationships. Loss of reputation. And potentially loss of business.

Running a business is no small feat. It requires dedication, hard work and smart decision making.

When it comes to securing your business from insider threats, consider the three-legged analogy. Remember that no security measure is future-proof, so doing the little things well and continuously adapting to changes within your business is the key to protecting it.