What Is The Difference Between Data Loss Vs Data Leakage Vs Data Theft Vs Data Exfiltration?

What Is The Difference Between Data Loss Vs Data Leakage Vs Data Theft Vs Data Exfiltration?

Fictitious story

FinTech Solutions is a financial technology company that develops cutting-edge software for banking institutions. They have strict data security policies in place to protect sensitive customer information. However, they recently experienced a security incident involving one of their employees, Ben.

One morning, the IT team at FinTech Solutions noticed unusual network activity originating from Ben’s workstation.

Upon investigation, they discovered that Ben had been sending confidential financial transaction logs and customer account details to an email address outside the company’s domain.

As the investigation unfolds, it becomes clear that Ben has been secretly collecting and transmitting sensitive data for several weeks. He used his insider access to bypass security measures and extract data from the company’s databases without authorisation.

Can you guess what data risk type this is? Is it:

  • Data Loss?
  • Data Leakage?
  • Data Theft?
  • Data Exfiltration?

We often talk about data loss, data leakage, data theft and data exfiltration as if they are interchangeable. But, in fact, they are very different. And what makes it the difference is “intention”.

“Intention” is often defined as the purpose, aim, goal or objective to commit in carrying out action or actions in the future. It involves mental activities such as planning, rehearsal and forethought.

The difference between malicious and unintentional insider incidents is that the former has “intent” to commit a malicious act, whereas the latter has no “intent”.

Data Loss

Is the result of data that has been unintentionally or accidentally misplaced so that it is no longer accessible. Simply put, it is lost.

Here are some examples.

  • One ofthe easiest ways to suffer data loss is by accidentally deleting the files without having any available backup.
  • The computer disk drives may be physically damaged. They eventually break down over time.
  • Power failures can ruin the effort and the time that you spent developing articles which were unfortunately not saved.
  • Water and fire damage on your expensive computers will definitely affect the electronics as well as the hard drive.

We often lose data simply because we don’t have a proper workflow or procedure for data restoration.

Data Leakage

Is the result of the unauthorised and unintentional transmission of data within an organisation to an outside party. Be aware that data can be transferred electronically or physically.

Here are some examples.

  • Someone is taking a report home and accidentally misplaces it in the bus/taxi/train/plane. The leak occurs if someone takes that report.
  • Sending an email with corporate information to the wrong recipient.
  • Posting sensitive corporate information onto social media or public website with little security allowing the possibility of untrusted and unauthorised people to access information.
  • Uploading work documents to unauthorised cloud storage to be able to access work from home.
  • Unauthorised removal of physical equipment such as tapes, disks, or machines so that they can be worked on by a third party. How often have you seen a 2ndhand disk drive with someone else content on it?
  • Storing sensitive information or programs on their laptops so that they could have full control over it.

Data Theft

Data theft refers to the unauthorised or illicit act of intentionally stealing or taking sensitive, confidential, or proprietary data from its rightful owner or custodian. This type of cybercrime involves accessing, copying, or transferring data without permission, often with the intent to use it for personal gain, financial fraud, competitive advantage, espionage, or other malicious purposes.

Here are some examples:

  • Direct access: Unauthorised access to a computer system, database, or storage device to steal data directly from its source.
  • Data copying: Making unauthorised copies of files, documents, databases, or other digital assets containing sensitive information.
  • Data transfer: Illegally transferring data from one location to another, such as from a company’s network to an external device or server.
  • Data interception: Capturing data while it’s in transit, such as intercepting network communications or capturing data from unsecured wireless networks.

Data breach: Inadvertently or intentionally exposing sensitive data due to inadequate security measures, which can lead to data theft by malicious actor.

Data Exfiltration

Is the result of unauthorised but intentionally copying, transferring or retrieval of data from within the organisation and taking it out. It is often referred to as “data theft”.

Data exfiltration is primarily a “data breach” when the organisation data is illegally stolen. And the reason they steal it is usually for business advantage. They either take it with them to a new job, to start a new competing business or to take it to a foreign government or organisation.

Note, according to the insider threat division of CERT, nearly 75% of all data theft was carried out by insiders who had authorised access to the information.

Now that you know the difference between data risk types, what is your answer to the type of data risk type?

In this scenario, the threat can be identified as Data Exfiltration and Data Theft since Ben intentionally extracted and transmitted sensitive financial data outside the company’s secure environment for personal gain or other malicious motives.

But what is the difference between data theft and data exfiltration, I hear you ask?

  • Both data theft and data exfiltration involve unauthorised actions.
  • Both data theft and data exfiltration are intentional actions

However, data theft term is often used in a broader sense to describe any instance where data is stolen, regardless of whether it’s taken from within the organisation (insider threat) or from outside (external threat).

Data exfiltration, on the other hand, specifically highlights the method by which data is stolen. It refers to situations where data is not just stolen but is actively transferred or removed from the organisation’s internal systems or network to an external destination.

In this fictitious scenario, where an employee secretly collects and transmits sensitive data over a period of time without explicitly mentioning the extraction method, it’s more accurate to classify this as data theft.


  • Collection and transmission:The scenario mentions that the employee has been collecting and transmitting sensitive data for several weeks. This behaviour aligns more closely with data theft, where the focus is on the unauthorised acquisition of data rather than the movement of data outside the organisation.
  • Intent and duration:The fact that the employee has been engaging in this behaviour for an extended period suggests a concerted effort to gather confidential information for personal gain or other malicious purposes, which is characteristic of data theft.

What Can You Do Moving Forward?

As the saying goes, “Data by itself doesn’t leave the organisation by itself.”

It is essential that your organisation understand its information assets. Key questions that you must answer before you can move forward with the right strategy, you need to answer the following questions.

  • What types of data are processed? Is it medical information, personally identifiable information, credit card numbers, inventory records, etc.?
  • What kind of devices process this data? Is it servers, workstations, laptops, mobile devices, etc.?
  • Where is the data stored, processed and transmitted? Single location, multiple locations, foreign countries?
  • How is this data being moved or transmitted? Does it involve only corporate channels, or can it be moved to non-corporate channels like USBs, personal emails, and cloud storage?
  • What are the critical processes and systems that support the data?
  • And who has access to these information assets? Should they have such access in the first place?

Answering these questions will help your organisation inventory your data and, importantly, develop the appropriate mitigation strategy for data loss, leakage, theft, or exfiltration.

Take The Challenge

What is your capability to detect, prevent, deter and respond to insider threat harm? Would you be interested in finding out how you compare to your industry peers? Would you be surprised to know that most organisations that have taken this assessment are somewhat vulnerable? To find out more,


Is All Data Theft An Insider Job?

Is All Data Theft An Insider Job?

“Data theft is a curious paradox- unseen hands reaching for digital treasures, where the line between protector and pilferer blurs in the shadows of insider access.”


They say that “Data never leaves the organisation by itself”.

Could that be true?

Imagine the scenario where one of your seasoned salespersons, armed with your company’s strategic plans, abruptly leaves to join a competitor, potentially giving away your carefully crafted market strategies and trade secrets.

Alternatively, picture a situation where a new employee, seemingly innocuous at first glance, joins your team only to discover that they’ve brought an entire database of customer relationship material from their previous job, including contact lists, client preferences, and sensitive transaction histories. This could breach confidentiality and raise concerns about ethical practices and data protection.

Now, consider a third scenario: a trusted IT specialist with access to your network infrastructure decides to siphon off valuable intellectual property, such as software codes, algorithms, or proprietary technologies, with intentions to sell or utilise them elsewhere for personal gain.

Adding another layer, envision a consultant hired for a specific project who leaks crucial project details and methodologies to unauthorised parties instead of adhering to non-disclosure agreements, jeopardising your competitive edge and reputation in the market.

Lastly, think about a disgruntled executive who, upon departure, deliberately sabotages your digital systems, erasing critical data, disrupting operations, and causing financial losses, all in the act of retaliation or malice.

While these scenarios are fictitious, they highlight valid concerns about internal threats.

These examples demonstrate that data breaches can originate from within an organisation, whether due to malicious intent, negligence, or exploitation of vulnerabilities.

The question is… is all data theft resulting from an insider job?

Data theft can result from insider actions, but it’s not exclusively caused by insiders. We will discuss this later.

Insider threats, which include employees, contractors, vendors, and trusted third parties, can contribute to data theft through various means, such as malicious intent, negligence, or social engineering.

However, most would argue that external actors like cybercriminals, hackers, and malicious entities can also perpetrate data theft through cyberattacks, phishing, malware, and other techniques.

Have we, therefore, agreed that not all data theft is an insider job?

Let’s look more closely.

We generally define corporate data theft as when current or former employees, contractors, or business partners steal confidential or proprietary information from the organisation and use it to get another job, help a new employer, or promote their own side business.

Let’s review the many different ways data can leave the organisation, and for each case, we will identify whether it was internal or external.

  • The negligent Insiders are those you are most familiar with. These insiders had their computers infected with malware. These employees are typically infected via phishing scams or by clicking on links that cause surreptitious malware downloads. The computers of compromised insiders can then be used to exfiltrate data.
    • Example: Sony Pictures Entertainment data theft

In 2014, Sony Pictures Entertainment experienced a significant breach, leaking sensitive corporate information and employees’ personal data. The breach was initiated through a sophisticated phishing attack targeting company employees. Hackers sent convincing emails disguised as legitimate communication from within the organisation, prompting recipients to click on malicious links or provide login credentials.

  • Responsible for breach? Internal – The employee
  • The careless insidersare those who act carelessly, ignoring or bending the rules and making mistakes.
    • Example: Equifax data breach

In 2017, a cybersecurity incident occurred at Equifax, one of the largest consumer credit reporting agencies in the United States. The breach exposed the personal information of approximately 147 million people. Investigations later revealed that the breach was caused by a series of failures and carelessness within the organisation.

  • Responsible for the breach? Internal – The employee
  • The ignorant insidersare those who act with ignorance, making poor decisions and failing to follow the rules or guidelines.
    • Example: Australian Department of Immigration and Border Protection G20 data breach

During preparations for the G20 summit, an employee of the Department of Immigration and Border Protection accidentally sent an email containing the passport details, including photos, of world leaders such as then-U.S. President Barack Obama, German Chancellor Angela Merkel, and Russian President Vladimir Putin, among others. The email was sent to an organiser of the Asian Cup football tournament instead of the intended recipient within the department.

  • Responsible for the breach? Internal – The employee
  • The ambitious insiders are those employees who have an intentional reason to steal information for business advantage, either to take with them to a new job, to start their own competing business or to bring to a foreign organisation or Government.
    • Example: Tesla Data Theft

In 2018, a former employee of Tesla named Guangzhi Cao was accused of stealing proprietary information from Tesla with the intention of starting his own competing business. Cao, who worked as an engineer on Tesla’s Autopilot team, allegedly downloaded more than 300,000 files containing trade secrets and Autopilot-related source code onto his personal iCloud account before resigning from Tesla.

  • Responsible for the breach? Internal – The employee
  • The entitled insidersare those who believe that they are entitled to information, and, therefore, they think they have the right to take the information with them. This sense of entitlement can be particularly strong if the insider perceives their role in the development of products.
    • Example: Google vs Uber – Data theft

In 2017, Waymo, a subsidiary of Google’s parent company Alphabet, sued Uber for trade secret theft. Waymo alleged that a former employee, Anthony Levandowski, who later founded a self-driving truck startup called Otto, stole trade secrets related to autonomous vehicle technology while working at Waymo. Uber acquired Otto, and Waymo claimed that Uber benefited from stolen technology.  

  • Responsible for the breach? Internal – The employee
  • The Coerced / Colluded Insiders are those employees who are either coerced or collude with an external party. Outsiders recruit insiders to commit the theft of information.
    • Example: GE Economic Espionage

A former General Electric (GE) engineer, Zheng Xiaoqing, and a Chinese businessman were charged with economic espionage and theft of GE’s trade secrets.

Zheng Xiaoqing allegedly used his position to steal proprietary information related to GE’s gas and steam turbine technologies. He then conspired with a Chinese businessman to sell this stolen information to Chinese companies.

Responsible for the breach?  Internal – The employee

  • The trusted business partnersare organisations, such as partners, vendors, and contractors, that have access to the organisation’s critical assets.
    • Example: NSA Data Theft by Edward Snowden

In 2014, a contractor working for the National Security Agency (NSA) named Edward Snowden made headlines worldwide when he leaked classified information about NSA surveillance programs to journalists. Snowden, employed by Booz Allen Hamilton, a consulting firm contracted by the NSA, had access to highly sensitive documents and information due to his role as a systems administrator.

  • Responsible for the breach? Internal – The trusted partner
  • The new employee or departing employees are those who either bring information with them from the previous employer or take information to their new job for personal gain.
    • Example: NSO Stolen Code

In 2019, Najafi was indicted by Israeli authorities for stealing highly sensitive software code and attempting to sell it to a potential buyer in the Netherlands. The stolen code was part of NSO Group’s Pegasus spyware, a powerful surveillance tool governments worldwide use to monitor smartphones and access data.

Najafi, who had worked for NSO Group for several years, allegedly downloaded the stolen code onto his personal devices before resigning from the company. He then attempted to sell the stolen software to a Dutch cybersecurity firm for $50 million.

  • Responsible for the breach? Internal – The employee

Thus far, we’ve explored different forms of data theft carried out by insiders, whether they deliberately intended to steal information or inadvertently disclosed it.

In either scenario, the blame consistently fell on the trusted internal insider who was authorised and had access to sensitive information.

Does this mean that all data theft is an insider’s job? Let’s hold on to that thought for the time being.

One scenario we haven’t considered is cyber hacking into an organisation to steal information.

Data theft through the process of cyber hacking an organisation would not be considered an insider job if and only if the organisation’s employees were not manipulated, coerced, or socially engineered to divulge information.

It’s worth noting that a determined cyber hacker can only succeed if the organisation’s systems are vulnerable to such attacks.

It’s worth noting that people are responsible for creating and maintaining systems, making organisations vulnerable to potential skill and capability gaps needed for effective system security

In conclusion, it’s much easier to ask someone to open the door than to smash it down.

“No matter the industry or size, every organisation is susceptible to the risk of a trusted employee either causing a data leak or taking their most valuable assets with them.”

Key Takeaway

  1. Data Theft by Insiders: Most instances of data theft stem from insiders within an organisation, whether through deliberate intent or accidental disclosure. Insiders are trusted people with access to sensitive information and can exploit this access for personal gain or unintentionally expose data due to negligence or lack of awareness.
  2. Risk of Insider Threats: Organisations must recognise the significant risk posed by insider threats and implement measures such as access controls, monitoring, and employee training to mitigate these risks. Insider threats can come from employees, contractors, or trusted partners with privileged access to data.
  3. Human Vulnerabilities: Human vulnerabilities play a critical role in data theft scenarios. Insider threats often take advantage of human vulnerabilities, such as negligence or lack of awareness, to carry out data breaches within organisations. Employees with access to sensitive information may inadvertently expose data or intentionally misuse it for personal gain, highlighting the importance of addressing human behaviour in data protection strategies. Furthermore, external cyber attackers target human vulnerabilities, such as phishing susceptibility, as entry points to infiltrate organisations and gain unauthorised access to confidential data against insider threats and external cyber attacks targeting human weaknesses.
  4. Cyber Attacks as an External Factor: While insider threats are prevalent, organisations also face the risk of external cyber attackers exploiting vulnerabilities in their systems. Determined cyber attackers can bypass security measures and gain unauthorised access to sensitive data, leading to data theft and other cyber incidents.
  5. System Vulnerabilities: The presence of vulnerabilities in an organisation’s systems increases the risk of successful cyber attacks. These vulnerabilities can result from misconfigurations, outdated software, lack of patch management, or other weaknesses that cyber attackers can exploit.
  6. Insider Job:When considering data theft, it’s crucial to recognise that insiders rather than external actors perpetrate the majority of all of these incidents. Trusted employees or insiders within organisations often exploit their privileged access to sensitive information, making insider data theft a prevalent and concerning issue.

Why Data Loss Prevention Tools Are Failing To Stop Insider Data Theft

Why Data Loss Prevention Tools Are Failing To Stop Insider Data Theft

“In the silent exchange of data theft, we’re not just losing information, we’re surrendering fragments of our humanity, leaving us to ponder what it truly means to be secure in an increasingly transparent world.”

– Anonymous

On the 25th of June 2019, McAfee, one of the biggest security software companies in the world, filed a lawsuit against several former employees, accusing them of stealing trade secrets before starting new positions with Tanium (a competitor).

To carry out the alleged theft, the employees did not use the type of sophisticated technology that you might expect.

Instead, according to the lawsuit, confidential company information was moved to unauthorised USB devices, as well as through private email addresses.

Ironically, a company that professes to be the leader in security solutions around Data Loss Prevention suffered its own fate.

Let’s first identify Data Loss Prevention objectives.

Data Loss Prevention (DLP) is about keeping sensitive data safe from unauthorised eyes and preventing it from ending up in the wrong hands.  

The goal is simple but essential: Ensure that critical data isn’t used improperly or mistakenly shared with unauthorised individuals and prevent intentional theft or unauthorised access to sensitive information.

Critical components of a DLP begin with determining which sensitive data needs extra protection. This means sorting data into categories based on data classification and its importance and sensitivity. This step is super important because it helps decide what kind of security each requires when identifying sensitive data needs.

After identifying this data, it’s crucial to label it clearly and keep an eye on it to ensure it isn’t accessed or shared without permission.

The next big part of DLP is monitoring and controlling how data is accessed data, stored and transferred within the organisation.

Finally, having an automated response to potential data loss threats is vital.

Why didn’t McAfee use its software to protect its trade secrets appropriately?

It’s hard to know the real reason, but here are some probable causes:

  • It’s possible the information was encrypted, and the DLP solution couldn’t detect the theft.
  • It’s possible that they trusted their employees and decided not to use the DLP solution internally.
  • It’s possible that due to the complexity of the software and data, it was misconfigured and could not detect the data theft.
  • It’s possible it wasn’t set up to monitor nor detect that specific sensitive information leaving the organization.
  • It’s possible, and most likely, that even with all the security controls in place within McAfee, those trusted employees knew how to evade internal security.

Either way, it placed McAfee in a very awkward situation.

  • They incurred significant legal costs, including attorney fees, court filing fees, and related expenses, to fight this case.
  • They suffered reputation damage, eroding trust amongst its clients, investors and partners.
  • Loss of intellectual property. Trade secrets that are no longer secrets lose their value.
  • Loss of competitive advantage as they potentially face increased competition and challenges in maintaining their position in the marketplace.

You can find the source of the story here.


The takeaway from the McAfee and Tanium lawsuit is the importance of employee loyalty and adherence to non-disclosure obligations.

In competitive industries like cybersecurity vendors, where proprietary information and trade secrets are highly valuable, employees must uphold ethical standards and legal agreements even when transitioning between companies. Failure to do so can lead to costly legal battles, damage to professional reputations, and strained relationships within the industry.

The key lesson highlights that placing blind trust in employees’ loyalty always to do what’s right can potentially lead to unforeseen harm to the organisation.

This story vividly illustrates the severe repercussions that can occur when employees prioritise personal gain over loyalty to the organisation and disregard non-disclosure agreements.

What factors contribute to the limited effectiveness of DLP solutions?

Several factors can potentially contribute to a DLP solution’s limited effectiveness. Let’s explore them in more detail.

Part of the challenge is that data has never been more portable. So, taking it has never been easier.

Sales lists, product specs, pricing information, payroll data and even contact lists are just a few examples of small but critically essential files that are simple to take.

Employees can store hundreds of gigabytes on their mobile devices, put 1TB or more of data on removable media, or quickly transfer data to personal cloud storage services like Dropbox.

Side note:

The Insider Threat Division of CERT published several key points when it comes to information theft:

  1. Most insiders steal information as they are leaving the organisation.
  2. It’s challenging to detect such acts of theft because insiders steal information to which they already have authorised access.
  3. It’s difficult to detect the theft of information until that data is actually in the process of being stolen. Hence, the window of opportunity is relatively small.

One area that is particularly vulnerable for organisations is employees bringing their own smartphones, which can present numerous challenges for DLP solutions:

  1. Data Leakage via Photos:Smartphones with cameras can be used to capture sensitive information, such as documents, whiteboards, or computer screens, potentially leading to data leakage if these images are not properly secured or monitored.
  2. Unauthorised Data Storage:Employees may use their smartphones to store work-related files or data, creating data security risks if these devices are not adequately protected or if they lack encryption and access controls.
  3. Cloud Storage Integration:Many smartphones allow seamless integration with cloud storage services, allowing employees to easily upload and share files. However, this can bypass traditional DLP measures implemented within the corporate network.
  4. Communication Apps:Smartphones often have various communication apps installed, such as messaging or email applications, which can be used to share sensitive information outside the organisation’s secure environment.

The second part is that implementing data loss prevention technologies is somewhat difficult, and realising the full value is problematic (incomplete deployments are common). Here are some additional challenging points that organisations have often raised:

  • They are complex to deploy. Modern organisations deal with vast amounts of data in various formats (text, images, videos, etc.), making it challenging to create comprehensive DLP policies that effectively cover all data types.
  • Diverse IT environments:Organisations often have heterogeneous IT environments with a mix of on-premises systems, cloud services, and mobile devices, requiring DLP solutions to be compatible and integrated across these diverse platforms
  • Data classification:Proper DLP implementation requires accurate data classification to identify sensitive information and apply appropriate security controls. However, manually classifying data can be time-consuming and error-prone.
  • False positives and negatives:DLP solutions may generate false positives (incorrectly flagging legitimate actions as violations) or false negatives (failing to detect actual violations), impacting the trust and reliability of the system.
  • Continuous monitoring and updates:Data threats constantly evolve, requiring DLP solutions to be regularly updated, fine-tuned and monitored to detect new threats and vulnerabilities. This ongoing maintenance can be resource-intensive.
  • Resource and budget constraints:Implementing DLP solutions often require significant technological, training, and personnel investments. Organisations with limited resources or budget constraints may find deploying and maintaining robust DLP capabilities challenging.

However, the main challenge with DLP solutions is trying to solve a technology problem that isn’t a technology problem. It’s a “people” problem.

“Data by itself does not walk out of the door. It requires the action of a human person.”

Let’s look at the following equation:

A cause-effect relationship is well known globally, and it describes the connection between two events or variables, where one event (the cause) leads to or influences the occurrence of another event (the effect).

This relationship is fundamental in understanding how actions, phenomena, or conditions interact and produce specific outcomes.

Here’s a breakdown of a cause-effect relationship:

  • Cause: This is the event that initiates or triggers a change. It can be a single event, a series of events, a condition, or a behaviour. The cause is what brings about the effect.
  • Effect: This is the result or consequence of the cause. It can be a direct outcome or a chain of events influenced by the initial cause. The effect is what happens as a result of the cause.
  • Relationship:The cause-effect relationship establishes a link between the cause and the effect, demonstrating how changes in one variable lead to changes in another variable.

Let’s take the example of data theft by an insider.

  • The cause: The intentional breach of security measures by a trusted person
  • The effect: Sensitive information copied, stolen or exfiltrated.

How do DLP solutions act?

  • Preventing (cause):The DLP solution is part of the preventive measures implemented by the organisation to address potential causes of data theft. It helps establish policies and controls that define how sensitive data should be handled, accessed, and shared within the organisation.
  • Monitoring & Detection (effect):DLP solution actively monitors and detects suspicious or unauthorised activities related to data access, transfer, and usage by trusted employees. It uses content inspection, contextual analysis, user behaviour analytics, and policy enforcement technologies to identify anomalies and potential data breaches.

What is the root cause?

It’s essential to recognise that the root cause of data theft often lies in human behaviour and intention.

At its core, data theft involves individuals or groups with specific intentions and motivations. These motivations can range from financial gain, competitive advantage, espionage, retaliation, or even simple curiosity. These human factors drive the decision-making process behind data theft incidents.

What is the underlying problem of DLP?

Dealing with human intent.

As we know, organisations come in all shapes and sizes.

The same can be said about employees. Some are enthusiastic, some considerate, some engaged, some productive, and some not. You get the idea. Employees are different and have different motivations, values, beliefs, and behaviours.

The discussion of intent is viewed in the following:

Motive: This is the reason for doing something. Think of it as the “why” that motivates the “what.”

Agenda: Grows out of motive. It’s what you intend to do because of your motive.

Behaviour: This is the manifestation of motive and agenda.

Intent matters.

While we tend to judge ourselves by our intent, we judge others by their behaviour.

Most people have good intent. They sincerely want to do what is right and seek the best for others.

Some people genuinely have poor intent. Though they may not be aware of it or even admit it, deep inside, they seek their own profit, position or possession above others.

As a result, DLP solutions alone cannot solve the underlying actions driving human behaviour, such as the desire to steal information for personal gain or malicious intent.

Policies and technological controls can act as deterrents and barriers, but they cannot eliminate the motivation of the trusted employee wanting to carry that action.

DLP solutions are not designed to prevent human behaviours from intentionally committing malicious acts.

In short, DLP does not understand intent, so it cannot be expected to accurately detect, prevent, deter and respond to insider threats.

Key Takeaways

The essential takeaway is that while technology like DLP is important to data protection, data theft ultimately stems from human factors such as intent, behaviour, and awareness.

Organisations must prioritise addressing these human elements through training, culture-building, and ethical considerations to effectively combat data theft and insider threats.

There is no such thing as 100% data protection, for the mere fact that a human being can memorise specific information and just walk out.

Example: Anna Montes memorized classified data

There are few spies who have burrowed more deeply into the US government than Ana Montes. She was a senior analyst with the Pentagon, and her specialty was Cuba.

But here’s the twist: Montes was spying for Cuba. She memorised US state secrets and got them to the regime of former President Fidel Castro.


From Disgruntled To Dangerous

From Disgruntled To Dangerous

Exploring The Role Of Employee Discontent

“The difficulties of life are intended to make us better, not bitter.”
– Unknown

When an organisation hires a new employee, they look for the suitable skills, qualities, and capabilities they think will best fit their organisation.

Organisations understand the critical importance of recruiting the right employees and invest considerable effort and resources.

Organisations often utilise multiple recruitment channels to attract the right talent, including job boards, social media, and professional networks.

They meticulously screen resumes, conduct thorough interviews, and may even administer skills assessments or personality tests.

Reference checks and background verifications are standard procedures to ensure a candidate’s credibility.

Furthermore, organisations aim for a cultural fit, looking beyond qualifications to assess a candidate’s alignment with the company’s values and mission.

Indeed, organisations meticulously plan their recruitment processes, believing the individuals they bring on board will contribute positively to their teams and work culture.

They do not anticipate a new hire becoming unhappy, unaccommodating, or frustrated.

At no point do they think that their new employee will potentially vent their anger to their surrounding employees and their managers.

Their optimism stems from the thorough vetting and selection processes designed to ensure a strong match between the candidate’s qualifications, experience, and personality and the job’s requirements.

Organisations may strive to create a supportive and engaging work environment. However, a thriving and beneficial relationship between employees and employers is not guaranteed. It can all be undone very simply when an unfortunate workplace event occurs.

Take the following two examples:

Example #1: Apple Huge Reveal

Just days before Apple’s 2017 huge reveal, a disgruntled employee is believed to be the leak that compromised the anticipated event centred around the iOS 11 GM.

According to a September 9, 2017, Apple Insider report, it is suspected that a disgruntled employee revealed proprietary/confidential information regarding new features and hardware of the iOS 11 GM, new AirPods revision, “Face ID” facial recognition details and setup process, a new “animoji” feature for Messages, and the apparent marketing names of Apple’s forthcoming iPhone line-up; iPhone8, iPhone 8Plus, and iPhone X.

Example #2: Georgia-Pacific Mill Hack

IT specialist and systems administrator hacked his former employer, Georgia Pacific.

What Happened?

The former administrator was terminated from his employment in February 2014 and escorted off George-Pacific’s Hudson Mill premises. Despite his termination, his access to corporate applications remained in place.

The former employee was found to have an open virtual private network connection to the Georgia-Pacific Mill’s network. With this connection, he intentionally transmitted harmful code and commands to the system, sometimes bringing the mill’s production to a standstill.

FBI agents assigned to the case concluded that he intentionally sabotaged his former employer as payback.

These two examples show the scope of security risks disgruntled employees bring.

Let’s get into the details of what disgruntlement is.

What Is Disgruntlement?

Disgruntled workers are employees who feel unsatisfied with their jobs and tend to express dissatisfaction through complaints. Interestingly, the word “disgruntled” derives from the archaic term “gruntled”, which originally meant ‘’to grumble”.

In other words, a disgruntled employee is someone at your organisation who is more often than not upset and showing it by, you probably guessed it, grumbling.

Any organisation can have a disgruntled employee or two.

Often, workers get upset for minor reasons like a co-worker not helping them on a project, someone stealing their ideas as their own, not being appreciated, being overworked or not getting a pay increase.

Sometimes, an employee may even be disgruntled because of something at home that is almost entirely out of the organisation’s control.

So, no matter how well you run your organisation, you may occasionally come up against a disgruntled employee.

In short, the individual’s dissatisfaction is intimately linked to unmet expectations. They had hoped for specific outcomes or experiences in their job or life, but when these expectations weren’t fulfilled, it left them feeling disheartened and discontented.

It can be best presented by the following graph:

Here is an excellent example of an article, “The Case of Disgruntled Nurses”, which explores the concept in a real-life organisational situation. It highlights several factors and events contributing to employee disgruntlement within Oneida Home Health Agency (OHHA).

The Case of Disgruntled Nurses (By majillani |



  • OHHA received a letter from its staff council highlighting concerns and suggestions that violated the organisational hierarchy.
  • Rachel Nelson, the executive director, and Annemarie, the nursing director, had been working to address financial issues and improve accountability, productivity, and quality.
  • Some staff members resisted these changes, leading to conflicts and the letter sent to the board.

Problems and Causes

  • Rachel and Annemarie introduced changes without fully understanding the negative reactions from some staff members.
  • Senior nurses, accustomed to lenient supervision, resisted the new bureaucratic structure.
  • The introduction of a more complex documentation system increased paperwork, which nurses disliked.
  • The previous culture lacked criticism and penalties for poor performance, leading to job satisfaction among senior nurses.

The Case for Disgruntlement

  1. Unmet Expectations: The article discusses how management and organisational structure changes led to unmet expectations among the staff. This unmet expectation is a primary driver of disgruntlement.
  2. Conflict and Resistance: It describes the conflicts that arose due to staff resistance to the changes introduced by Rachel and Annemarie. This resistance manifests their disgruntlement with the new systems and management.
  3. Negative Perceptions: The article delves into how negative perceptions and mistrust developed between Annemarie and the senior nurses. These negative perceptions are rooted in their disgruntlement with each other’s actions and decisions.
  4. Recommendations for Resolution: The article proposes various solutions to address the disgruntlement, including replacing senior nurses and considering Annemarie’s termination. These recommendations directly relate to resolving the issue of disgruntlement among the staff.
  5. Conclusion on Communication: The article emphasises the importance of effective communication and understanding between managers and employees to overcome disgruntlement and improve organizational performance.

In Summary

The article’s specificity on disgruntlement lies in examining the various aspects, causes, and consequences of employee dissatisfaction and resistance within OHHA.

It explores how these factors contribute to the overall sense of disgruntlement within the organisation and provides recommendations for addressing this issue.

The question, then, is, why do some people become highly disgruntled or even vengeful? What makes some carry out malicious acts while others exposed to the same events and conditions do not act maliciously?

The transition from disgruntlement to vengeful behaviour is a complex process influenced by various individual and situational factors.

For example, just because two employees have a disagreement or passionate argument at work does not automatically assume they will come back and physically harm one another.

Most of us won’t react with violence, no matter how much injustice we may face. So, what differentiates us from those who do?

Let’s take a step backward to try and understand what we mean by unmet expectations.

Unmet Expectations

Unmet expectation is a situation whereby the individual feels disappointed because what they thought would occur didn’t happen, which can be best described in the following picture.

A precipitating event refers to a specific incident or situation that triggers a significant change or action, often with profound implications for employees and the organisation.

This event can range from a sudden economic downturn, a significant restructuring, a workplace accident, a leadership change, or any other occurrence that disrupts the usual course of business.

For employees, a precipitating event can catalyse change in their work environment, job roles, or expectations. Depending on how it impacts their circumstances (disposition), it can lead to various emotions, including uncertainty, anxiety, or even rage.

Employees often need to adapt, make critical decisions, or potentially face new challenges in response to such events, significantly affecting their job security, job satisfaction, and overall well-being.

For example, when new employees join a new organisation, they often come with expectations and anticipations.

These expectations can encompass a wide range of factors, such as job roles and responsibilities, workplace culture, compensation and benefits, opportunities for growth and development, work-life balance, and the overall experience within the organisation.

New employees typically expect clear communication about their job roles and responsibilities, a welcoming and inclusive workplace environment, fair and competitive compensation, opportunities for skill development and career advancement, and a healthy work-life balance.

On the other hand, organisations have their expectations when hiring new employees.

They anticipate that new hires will contribute effectively to the organisation’s goals and mission, follow business policies and procedures, work well with colleagues and teams, adapt to its culture, and demonstrate a commitment to success.

They also expect new employees to be proactive in their roles, show dedication and enthusiasm, and continuously seek ways to improve their skills and contribute positively to the workplace.

The alignment of these expectations from the new employees and the organisation is crucial for a successful and productive employment relationship.

What happens when expectations are not matched or fulfilled?

There is misalignment.

According to the Gallup State of the Global Workplace 2023 Report, only 23% of employees are engaged.

However, 59% of employees are referred to as “quiet quitters”, or what I call disengaged.

These employees are filling a seat and watching the clock. They put in the minimum effort required and are psychologically disconnected from their employer.  Although minimally productive, they are more likely to be stressed and burnt out than engaged workers because they feel lost and disconnected from their workplace. They are also likelier to make mistakes and not follow cybersecurity corporate policies.

A very worrying sign is that 18% of employees are called “loud quitters” or highly disengaged.

These employees take actions that directly harm the organisation, undercutting its goals and opposing its leaders. At some point, the trust between employee and employer was severely broken. Or the employee has been woefully mismatched to a role, causing constant crises.

Let’s take a further step backward to try and understand why humans behave the way they do by understanding their disposition.

Personal Disposition 

Refers to an individual’s inherent characteristics and traits that influence their behaviour, attitudes, and interactions with colleagues and the work environment. It includes aspects such as their temperament, personality traits, values, and emotional tendencies, which collectively shape their approach to work, teamwork, and decision-making within the organisation.

For example, individuals with low self-esteem or poor emotional regulation may be more prone to lash out vengefully when they feel wronged. Here are some examples of personal disposition found in insider cases:

  • Conflict with fellow workers
  • Bullying and intimidation of co-workers
  • Serious personality conflicts
  • Unprofessional behaviour
  • Inability to conform to rules
  • Difficulties controlling anger

Example: Off-duty Alaska Airlines Pilot Charged With Attempted Murder

What Happened?

An off-duty Alaska Airlines pilot has been charged with 83 counts of attempted murder after he allegedly tried to shut off a plane’s engines mid-flight.

He was riding as a standby employee passenger in the cockpit “jump seat” when the airborne altercation occurred.

After a brief scuffle inside the flight deck with the captain and first officer, the off-duty pilot ended up restrained by cabin crew members and was arrested in Portland, Oregon, where the flight was diverted and landed safely.

Behind the Scenes

Alaska Airlines reported no blemishes in the employment record of the charged pilot. The head of a California flying club he once belonged to said his alleged behaviour was completely at odds with the meticulous, mild-mannered family man he remembered him to be.

According to the affidavits, the charged pilot told police after his arrest that he was suffering a mental crisis during the incident and had struggled with depression for the past six months.

The court documents said he also told police that he had taken “magic mushrooms” for the first time, ingesting them about 48 hours before boarding the plane.

During the check-in or boarding process, employees did not observe any signs of impairment that would have led them to prevent the off-duty pilot from flying.

Depression is certainly a significant global health issue that affects millions of people.

Depression is a debilitating mental health condition characterised by persistent feelings of sadness, hopelessness, and a loss of interest in daily activities.

Depression was one of the reasons why a German Wings co-pilot deliberately crashed his Airbus A320, some 100 km north-west of Nice in the French Alps in 2015, killing all people on board.

Depression’s impact is substantial, both in terms of individual suffering and the broader societal and economic consequences.

Personal disposition can be broken into the following subcategories.

Perceived Injustice reflects the unfairness or injustice toward them that can fuel vengeful feelings. If someone believes they have been treated unfairly or suffered a significant injustice, they may be more likely to seek revenge to restore what they see as justice. For example:

  • Being passed over for promotion
  • Being passed over for a salary raise
  • Demotion
  • Being passed over for a project
  • Transfer to a different department
  • New supervisor hired
  • Access changed
  • Co-worker overriding decisions
  • Bonus lower than expected
  • Responsibilities changed 

Individual Difference means that different people have different levels of perceiving situations, whether good or bad. Some people have other ways to cope with unpleasant situations. Some individuals may have a predisposition towards aggression or a higher level of hostility, making them more likely to respond to disgruntlement with vengeful behaviour. Others may be naturally more resilient and better at managing their emotions. 

Trust Gap is the difference in how much employees and employers trust each other in their professional relationships regarding factors like confidence, transparency, and mutual reliance. A large trust gap increases the doubts and suspicions that may arise when employees feel their employer is not forthcoming, fair, or consistent in their actions, decision-making, and communication, potentially leading to decreased job satisfaction, motivation, loyalty and increasing criticism of management and business. 

Past Experiences refers to an event or events that have happened in the past but have shaped the person’s behaviour.

For example, someone who has had past issues with the following scenarios:

  • Had security violations
  • Harassment or conflict with co-workers
  • Difficulties controlling anger
  • Unprofessional behaviour
  • Bullying and intimidation
  • Intoxication
  • Personality conflicts
  • Arrested
  • Hacking
  • Misuse of organisation assets

Moral and Ethical Values refer to an individual’s personal values and moral compass that can encourage or discourage vengeful behaviour. Some individuals may prioritise forgiveness and conflict resolution, while others may prioritise retribution.

Opportunity and Risk refer to the universal law of pain and pleasure. If someone believes they can exact revenge without severe repercussions, they may be more inclined to do so. 

Social Support means the presence of a strong support network, such as

family and friends can provide the foundation to help discourage an individual from responding to grievances. At the same time, the lack of support can exacerbate the feeling of revenge as an acceptable or expected response to perceived slights or wrongdoings. In some cultures, retaliation may be seen as a better or even expected response to perceived slights or wrongdoings.

Financial Challenges frequently introduce workplace stressors. The ongoing concern of meeting financial obligations can prove distracting, hindering one’s ability to concentrate on job responsibilities. Additionally, financial instability can trigger personal problems that extend into the workplace, encompassing issues like interpersonal conflicts, disputes with supervisors, increased absenteeism and possible aggression.

Substance Abuse can be a significant danger to both them and the workplace. Substance abuse can impair their judgment and decision-making, leading to potential safety hazards and mistakes in tasks or responsibilities. Furthermore, it can result in absenteeism, tardiness, and decreased productivity, ultimately affecting the organisation’s overall efficiency. Interpersonal relationships may suffer due to erratic behaviour and conflicts with co-workers. It can jeopardise their well-being and endanger the stability and effectiveness of the workplace, making it a critical issue.

Tipping Point

After understanding why specific individuals become dissatisfied while others become profoundly disgruntled, despite identical circumstances or events, what factors might drive an employee to contemplate taking hostile actions against their organisation?

What is their tipping point?

Imagine that you were laid off from work. Would you seek justice and reprisal for the grievance?

Let’s take a look at the following actual case scenario that happened in Santa Clara.

Example: Shooting In Their Workplace

Hours after being laid off in November 2008, a product test engineer at a Santa Clara, CA, technology company returned to his former place of employment to clean out his desk.

While doing so, co-workers said he suddenly became agitated and entered the office of the company CEO.

Co-workers did not know the former employee had brought a 9 mm pistol to the office.

The next thing the workers heard was a rapid succession of gunshots. When the shots ended, the CEO, vice president of operations and the head of human resources were dead.

What made the test engineer take such extreme actions? What made this person dangerous?

Every person has a critical or turning moment when a situation or behaviour crosses a threshold, leading to a significant and often irreversible change.

Every person has a different tipping point.

Every person has a different recourse.

However, some employees may take a more negative course of action against their organisation when they feel extremely disillusioned, unsupported, or desperate due to unresolved issues or perceived mistreatment.

Several factors can contribute to this:

  1. Extreme Discontent: A prolonged period of discontent, frustration, or feeling ignored can push employees to consider more negative actions to vent their anger or seek retribution.
  2. Lack of Options: When employees believe they have exhausted all available options within the organization and still haven’t found a satisfactory resolution, they may turn to more negative actions as a last resort.
  3. Revenge or Retribution: In cases of severe grievances or perceived injustices, some employees may act out of a desire for revenge or to make the organization pay for what they perceive as wrongs committed against them.
  4. Personal Crisis: Personal crises, whether financial, emotional, or related to their work environment, can amplify an employee’s negative feelings and lead them to take extreme actions as a form of coping or out of desperation.
  5. Influence from Others: Negative actions can be influenced or encouraged by peers, colleagues, or external parties who may share similar grievances or have ulterior motives.
  6. Disregard for Consequences: Some employees may decide on negative actions when they believe the potential consequences, such as termination or legal issues, outweigh their perceived need to express grievances.
  7. Lack of Trust: If employees perceive that the organization lacks transparency, integrity, or a commitment to addressing their concerns, they may see negative actions as the only way to force attention to their issues

Think of the above points as pressure/stress points that gradually lead to a significant crisis.

Such a crisis can potentially propel the individual to prioritise seeking harm to others.

Revenge is a complex human behaviour that people seek for various reasons.

  1. Emotional Satisfaction: Revenge can provide a sense of emotional satisfaction or closure to someone who feels wronged. It allows them to feel like justice is served and that they’ve regained some control or power in a situation where they may have initially felt helpless.
  2. Deterrence: Seeking revenge can also serve as a deterrent. If someone believes that taking revenge will discourage others from harming them or their interests in the future, they may be more inclined to seek revenge.
  3. Restoration of Self-esteem: Revenge can help restore an individual’s self-esteem or self-worth. When someone is hurt or feels disrespected, seeking revenge can make them feel like they’ve regained their honour or self-respect.
  4. Psychological Closure: Some people use revenge to achieve psychological closure. They believe that by retaliating, they can put an end to the psychological distress or trauma caused by the initial harm.
  5. Social Validation: In some cases, revenge can be a way to gain social validation or support. When others acknowledge and support the avenger’s actions, it can provide a sense of belonging or group cohesion.

In the above example, the test engineer gained satisfaction by causing the ultimate pain to others, even though he knew that his actions would undoubtedly doom him for the rest of his life.


Understanding tipping points is valuable for predicting or influencing human behaviour, as it helps identify when a situation is ripe for change or when a small action or event can have significant cascading effects.

It also underscores the idea that relatively minor factors sometimes trigger significant shifts in behaviour or outcomes.

Importantly, employees typically do not start their day with the intention of causing harm to their organisation.

Negative thoughts or actions toward their workplace usually develop over time, often due to various factors such as dissatisfaction, frustration, or perceived mistreatment.

These feelings can simmer beneath the surface, gradually intensifying until they reach a point where an employee may contemplate taking negative actions.

The key message here is that there is a window of opportunity for intervention.

Rather than solely focusing on punitive measures when employees exhibit signs of disgruntlement or dissatisfaction, organisations can take a more proactive and supportive approach.

By identifying these early warning signs and addressing the underlying issues, employers can help employees reorient their thinking and behaviour toward a more positive and constructive direction. This approach mitigates potential harm and fosters a healthier, more productive work environment.

Therefore, organisations must create a supportive, transparent, and respectful work environment, actively address employee concerns, and provide outlets for resolving disputes to prevent employees from feeling driven to such extreme actions.

Additionally, promoting mental health and well-being initiatives can help employees cope with stress and grievances in healthier ways.


Hidden Dangers Within

Hidden Dangers Within

Warning Signs Ignored. The Silent Threat of Employee Disengagement

“The difficulties of life are intended to make us better, not bitter.”
– Unknown

Somewhere in Spain (fictional conversation)

CEO: “We’re a winery, not Fort Knox. Why overspend on security?”

Security Manager: “Imagine someone, say a disgruntled employee, decides to unplug our tanks. That’s our premium wine down the drain!”

CEO: “As likely as finding a wine bottle that doesn’t want to be opened. Let’s not pour money into ‘what-ifs’.”

Security Manager: “But—”

CEO: “No ‘buts’ unless it’s about wine barrels!”

Fast forward…

A vino vengeance unfolds as five tanks get unplugged in a blitz!

60,000 bottles of wine, valued at 90€ each, were lost.

The lesson of the day?

“Unlikely” doesn’t mean impossible.  What is the cost of ignoring risks? A whopping 5.4 million € in fine wine.

(Story source:

What Is Employee Engagement?

Employee engagement goes beyond just doing work. It includes how much employees care about their jobs and the company. Their emotions, dedication, and enthusiasm show their engagement in their work and workplace.

Employee engagement affects about every element within an organisation, including:

  • Productivity
  • Profitability
  • Customer experience
  • Morale
  • Employee turnover
  • Team dynamics

It’s been shown that employees who feel connected to their organisation work harder, stay longer, and motivate others to do the same.

Additionally, research from Harvard Business Review (sponsored by Quantum Workplace) shows that 92% of business executives believe that engaged employees perform better, excelling in the success of their teams and the outcomes of their organisations (source:

Employee engagement does not mean employee “happiness”.

Employee happiness is distinct from employee engagement. Happiness focuses on individual well-being and contentment, influenced by various factors. In contrast, engagement goes further, involving a deeper commitment to organisational goals and active contribution to its success.

While happy employees experience positive emotions, engaged employees align with the company’s mission and actively work towards shared objectives, emphasising the importance of recognising and fostering both aspects in the workplace.

Employee engagement doesn’t mean “satisfaction”.

Employee satisfaction reflects contentment with job aspects, while engagement involves a deeper connection to the organisation’s mission and active commitment to its success.

Satisfied employees may find their work enjoyable, but engaged employees go further, actively contributing and striving to make a meaningful impact on the company’s goals.

Whose job is it?

An organisation’s responsibility for caring about employee engagement typically falls on leadership and management.

Leaders, managers, and human resources professionals are crucial in creating a work environment that fosters engagement.

This involves providing clear communication, offering development opportunities, recognising achievements, and addressing concerns.

While individual employees also contribute to their engagement, organisational leaders are instrumental in shaping the overall culture and conditions that influence how engaged employees feel.

Why is it important?

Employees make decisions and take actions that impact their workforce and organisation daily. How your organisation treats its employees and how employees treat each other can either positively influence their actions or pose risks to your organisation.

Gallup’s extensive research on employee engagement, which spans decades, reveals that engaged employees consistently yield better business outcomes than their counterparts, irrespective of industry, company size, nationality, or economic conditions.

Worryingly, only 23% of employees worldwide feel engaged (source:

Understanding Employee Disengagement

Disengagement refers to the act of withdrawing or becoming detached from something. It can have several meanings depending on the context:

  1. Emotional disengagement: This refers to a psychological state where an individual emotionally disconnects or distances themselves from a situation, relationship, or activity. It can involve suppressing or avoiding feelings and emotional involvement.
  2. Social disengagement: This refers to the process of withdrawing from social interactions, relationships, or activities. It may involve isolating oneself or reducing involvement in social circles or communities.
  3. Military/political disengagement: This term is used in military or political contexts to describe the process of withdrawing troops or forces from a particular area or conflict zone.
  4. Cognitive disengagement: This refers to the process of mentally distancing oneself from a task, situation, or experience. It can involve distracting oneself or avoiding fully engaging with something mentally or intellectually.

However, Employee disengagement in the workplace refers to an employee’s lack of motivation, commitment, or emotional connection to their job or organisation.

Disengaged employees typically lack enthusiasm and commitment to their jobs, showing a deficiency in motivation and inspiration. Although they may adequately fulfil their job responsibilities, they are likely to avoid putting in additional effort to contribute to the organisation’s objectives.

Disengaged employees tend to exhibit the following characteristics:

  1. Lack of motivation: They feel unmotivated and uninspired to put in extra effort or go beyond their bare minimum.
  2. Low productivity: Disengaged employees often have lower productivity levels as they are not fully invested in their work.
  3. Lack of enthusiasm: They display little enthusiasm or passion for their job and the company’s mission and goals.
  4. Detachment: Disengaged employees feel emotionally detached from their work, colleagues, and the organisation as a whole.
  5. Absenteeism: They may have higher absenteeism rates or a tendency to miss work frequently.
  6. Negative attitudes: They may exhibit negative attitudes towards their work, colleagues, or the organisation and frequently complain or criticise.
  7. Low commitment: Disengaged employees are less committed to their jobs and the company and may be more likely to seek other job opportunities.

They are all a symptom of a “check-out” mentality.

According to the State of the Global Workplace 2023 Report by Gallup, actively disengaged employees make up 77% of the workforce (source:

As reported by Gallup, a 77% employee disengagement rate is alarmingly high and points to widespread and systemic issues in the workplace.

One of the primary reasons for disengagement is stress. Around 44% of employees worldwide said they experienced a lot of stress the previous day (source:

Employee stress rose in 2020, likely due to the pandemic. However, employee stress has been rising for over a decade.

There are many reasons why work might make those feel stressed, such as:

  • Extended hours or a heavy workload
  • Inflexible deadlines
  • Conflict, bullying or sexual harassment in your workplace
  • Lack of support from your co-workers or manager
  • Lack of appreciation for your efforts
  • An environment that is too noisy, hot, cold, dusty or uncomfortable

Apart from stress, several other reasons can contribute to employee disengagement. Here are some key factors:

  1. Lack of recognition and appreciation: Employees who feel their efforts and contributions are not recognised or appreciated are more likely to disengage.
  2. Poor communication and feedback: Ineffective communication from management, lack of clear goals and expectations, and inadequate feedback on performance can leave employees feeling disconnected and disengaged.
  3. Limited career growth opportunities: Employees may become disengaged if they perceive limited opportunities for career advancement, skill development, or personal growth within the organisation.
  4. Inadequate compensation and benefits: Employees who feel underpaid or receive inadequate benefits compared to their peers or industry standards may become disengaged and seek better opportunities elsewhere.
  5. Lack of autonomy and empowerment: Micromanagement and a lack of trust from supervisors can lead to disengagement, as employees feel they have little control or autonomy over their work.
  6. Unfair treatment and discrimination: Perceived discrimination, favouritism, or unfair treatment based on gender, race, age, or personal beliefs can contribute to disengagement and resentment towards the organisation.
  7. Poor leadership and management: Incompetent, unsupportive, or unethical leadership can erode trust and respect, causing employees to become disengaged and unmotivated.
  8. Toxic work culture: A hostile work environment characterised by office politics, conflicts, or a lack of collaboration and teamwork can foster disengagement as employees become dissatisfied with the organisational culture.
  9. Organisational changes and uncertainty: Major organisational changes, restructuring, or mergers can create uncertainty and disrupt the work environment, leading to disengagement as employees feel insecure about their roles and future.

A cause for more significant concern is that among the 77% disengaged workforce, 18% are categorised as highly disengaged.

Highly disengaged employees have become completely detached and unmotivated in their roles and towards the organisation they work for.

These employees exhibit various behaviours and attitudes that can harm productivity, morale, and overall organisational success.

At some point, the trust between employee and employer was severely broken, or the employee was woefully mismatched to the role.

Risk Potential

Looking at the big picture, disengaged employees pose several risks to an organisation, namely:

  • Poor customer service: Disengaged employees are more likely to perform poorly, abruptly, and without empathy, resulting in poor customer service, dissatisfaction, and potential loss of reputation and business.
  • Negative impact on workplace culture: Disengaged employees can spread negativity and toxicity throughout the workplace, affecting team morale, collaboration, and overall organisational culture.
  • Increased turnover: Disengaged employees are more likely to seek employment elsewhere, leading to higher turnover rates, which can be costly for organisations regarding recruitment, training, and knowledge loss.
  • Negative impact on morale: Disengaged employees can have a detrimental effect on team morale and workplace culture. Their lack of enthusiasm or commitment may spread to others, leading to low morale and motivation among colleagues.
  • Security risks: Employees who are disengaged might pay less attention to cybersecurity protocols, policies, and procedures, consequently raising the risk of compromising sensitive information, experiencing cyber breaches, and encountering data breaches.
  • Safety risks: Disengaged employees may be less attentive to safety protocols and procedures, increasing the risk of accidents and injuries in the workplace.
  • Reputational damage: If disengaged employees express their dissatisfaction publicly or provide poor customer service, it can damage the organisation’s reputation and brand image.
  • Increased absenteeism and presenteeism: Disengaged employees may have higher rates of absenteeism or presenteeism (physically present but mentally disengaged), further impacting productivity and overall performance.
  • Increased workplace conflicts: Disengaged employees may be more prone to conflicts with colleagues or managers, creating a hostile work environment and disrupting team dynamics.
  • Increased employee turnover: Low morale can exacerbate disengagement and create a toxic work environment. Employees are more likely to seek opportunities elsewhere, leading to higher turnover rates.

The good news is that a few changes to how they are managed could turn them into productive team members.

The bad news is that highly disengaged employees can significantly harm the organisation if left untreated.

  1. Active spread of negativity: Rather than just being indifferent, highly disengaged employees can become “amenity negators” – Actively trying to discourage others and spread their negative sentiments about the job and the organisation.
  2. Interpersonal conflicts: Highly disengaged workers are more likely to argue, be insubordinate to managers, or create hostile situations with colleagues, disrupting teamwork and morale.
  3. Toxic and hostile: Actively and highly disengaged employees will likely create a toxic and hostile work environment. They may engage in verbal abuse, harassment, bullying or other forms of disruptive behaviour, causing emotional distress and dissatisfaction among their peers. This toxicity can spread rapidly, eroding trust and collaboration within the team.
  4. Public defamation: In the age of social media, highly disengaged staff may vent their frustrations publicly and defame the organisation online, damaging its reputation significantly.
  5. Outright sabotage or theft: Extremely disengaged employees who feel resentful or vengeful toward the company may intentionally undermine operations, sabotage projects, share confidential information, or even steal property or funds.
  6. Severe safety risks: One of the significant risks posed by highly disengaged employees is the potential for threats and violence, directly impacting personal safety within the organisation. These individuals may exhibit hostile behaviour, aggression, or even deliberate acts of violence towards their colleagues, supervisors, or the organisation. Such instances can create a climate of fear and intimidation.
  7. Legal/compliance risks: Apathy toward rules, negligence, or even malicious intent from the highly disengaged can lead to costly regulatory penalties or lawsuits against the company.

Identification of Warning Signs

Interestingly, the journey at a new workplace begins with enthusiasm and energy.

Employees are excited and eager to showcase their capabilities, deliver their utmost, and cultivate a favourable perception among their colleagues.

However, forecasting which individuals might eventually disengage from their roles or pinpointing the precise moment of this shift remains difficult.

Gradually, an intangible chasm emerges, proving challenging to identify and bridge.

The following visual demonstrates the roadmap to highly disengaged employees.

Identifying Behaviour Signs

As employees progress through the stages of disengagement, some visible behavioural cues and patterns can serve as warning signs for managers and HR professionals to take notice.

Being attuned to these behaviours is crucial for early intervention before disengagement becomes entrenched. Some key behaviours to look out for include:

  1. Early signs of disengagement
    • Reduced motivation and effort
    • Withdrawn from activities
    • More frequent absent and tardiness
    • Decreased productivity
  2. Emotional disconnection
    • General apathy towards work
    • Negative attitude spreading to others
    • Neglecting responsibilities
  3. Psychological detachment
    • Feeling undervalued and unappreciated
    • Loss of trust in management and leadership
    • Questioning organisation values and direction
    • Actively looking for other jobs
  4. Counterproductive behaviours
    • Missing deadlines intentionally
    • Doing the bare minimum required
    • Discouraging participation and contribution
    • Increased conflicts with co-workers
  5. Open defiance
    • Insubordination towards managers
    • Sabotaging projects and initiatives
    • Spreading negativity about the company
    • Encouraging the resignation of others
    • Stealing business assets and time
  6. Actively disengaged
    • Undermining organisation reputation
    • Sharing confidential information
    • Intentionally policy violations
  7. Malicious and revenge
    • Leaking trade secrets
    • Property damage and theft
    • Hacking and data breaches
    • Inciting violence or walkouts
    • Sabotaging business operations

The Role of Organisation Culture

Organisational culture plays a pivotal role in influencing employee engagement and disengagement levels.

An organisation’s culture, encompassing its values, norms, practices, goals, mission and working environment, can foster engagement or fuel employee disengagement.

When an organisation’s culture aligns with its employees’ values and beliefs, it fosters a sense of belonging and purpose, leading to higher engagement.

However, the same can be said on the contrary. If the culture contradicts employees’ values, it can create cognitive dissonance and disengagement.

The leadership style and behaviour of managers and executives significantly shape organisational culture. Supportive, transparent, and empowering leaders tend to cultivate a culture of trust, respect, and engagement, while authoritarian, micromanaging, or unethical leadership can breed a toxic culture that disengages employees.

Open and transparent communication from leadership and opportunities for employee feedback and input contribute to an engaging culture. In contrast, a lack of transparency and top-down communication can create a culture of distrust and disengagement.

Cultures that prioritise recognising and appreciating employee contributions foster a sense of value and motivation. Conversely, a culture that overlooks or undervalues employee efforts can lead to disengagement.

Organisations prioritising employee development, training, and career growth opportunities cultivate a culture of continuous learning and engagement, while stagnant cultures lacking growth prospects can disengage ambitious employees.

A culture that respects work-life balance and provides flexibility can enhance engagement. In contrast, a culture that demands excessive overtime or neglects personal well-being can lead to burnout and disengagement.

Cultures that encourage collaboration, teamwork, and open communication tend to be more engaging, while siloed, competitive, or political environments can breed disengagement.

Key Takeaway

“Hidden Dangers Within” reflects the unseen, unaddressed issues and risks that can plague beneath an organisation’ before manifesting outwardly in damaging ways.

Employee disengagement is such a perfect example of the hidden danger that an organisation misses.

Employee disengagement often begins quietly and invisibly before any outward signs are evident. It germinates underneath the surface through internal feelings and attitudes that can initially go unnoticed by management. Dissatisfaction, resentment, and apathy are all emotional disconnects from one’s work that start private and hidden away.

As disengagement takes root within employees, it perpetuates in subtle, insidious ways that are difficult to detect from the outside. Negative emotions fester, productivity wanes slightly, and enthusiasm dips, but these creeping effects can be excused or obscured amidst daily operations.

All the while, this unseen disengagement poses an increasingly dangerous threat from within. It chips away at morale and performance standards while providing fertile ground for policies, practices or management decisions that enable it to spread silently further through the workforce.

By the time obvious signs like insubordination, sabotage or turnover rates spike, the disengagement has already inflicted unseen damage. The once-hidden danger has invisibly infiltrated operations and metastasized across teams and departments unchecked.

Worse still, highly disengaged employees can become covert “agents” actively working against engagement and driving those dangers, intentionally negating productivity, drowning optimism, and withholding effort in unseen ways that exacerbate the problem.

Battling a widespread, advanced disengagement requires painful, drastic measures because the danger could hide in plain sight, fuelling itself from within until it blossomed into an existential cultural threat.

This ability for disengagement to clandestinely take root and do unseen damage from the inside-out, sitting dormant until ubiquitous, is why it epitomises the idea of an organisation’s potentially most lethal “hidden danger within.

Ultimately, organisations must cultivate a positive, supportive, and inclusive culture that aligns with their workforce’s values and needs. Addressing cultural issues that fuel disengagement and actively nurturing an engaging culture should be a strategic priority for organisations to retain and maximise the potential of their talent.


Can The Ones You Trust Can Send You Bust?

Can The Ones You Trust Can Send You Bust?

“Trusting someone is like borrowing their parachute — hoping they packed it right. But watch out because sometimes, the ones you trust might just turn your safety net into a hammock, leaving you hanging and wondering if hitting the ground was part of their plan!”

– Peter Natterer

On 24 March 2015, Germanwings Flight 9525 took off from Barcelona–El Prat Airport in Spain, destination Düsseldorf Airport in Germany. It never arrived. The Airbus A320-211 was deliberately crashed into the French Alps northwest of Nice. All 150 passengers and crew aboard died.

The co-pilot, Andreas Lubitz, unbeknownst to his employers, had been treated for suicidal tendencies and had been declared unfit to work by his doctor. Lubitz, on this fateful day, patiently waited for the Captain to exit the cockpit, quietly locked the cockpit door and then started a steady and deliberate final descent into the side of a French mountain.

Germanwings, an entity of Lufthansa, has since quietly rebranded.

In the realm of the workplace, when we bring new employees on board, we’re searching for a mix of skills, hard work, and intelligence. We count on these team members to use their talents to boost our organisation. But what if those qualities take a turn, and our teammates start using them against us?

That’s the flip side. It’s something known as an “insider threat.” When discussing what could go wrong, the human factor is always the wild card. People mostly start a job with great intentions and dreams of making a positive impact. But, as we know, things change. People change. Workplaces change. It’s a constantly shifting environment; sometimes, unintended consequences tag along for the ride.

It’s these changes that can stir up some trouble down the line.

In the everyday world of day-to-day business as usual, it’s easy to overlook how small shifts in the workplace can turn into big problems. You’ve got team members who were once on the same page but are now heading in different directions. The organisation itself might be evolving in unexpected ways. It’s in these moments that trouble can start brewing.

Equally, in the ever-shifting landscape of organisational dynamics, one of the most intriguing aspects arises when the organisation undergoes metamorphosis.

Initially aligned with the company’s values, goals, and culture, team members may find themselves adrift when faced with an organisation that no longer resembles the one that brought them on board.

Picture This:

An individual joins an organisation with a clear understanding of its mission, vision, and the shared values that underpin its identity. However, businesses, much like living entities, evolve. Changes in leadership, strategic pivots, cultural shifts, or responses to external forces can all contribute to a transformation in the organisational DNA.

As this evolution unfolds, a curious and sometimes unsettling phenomenon occurs. The very aspects that once drew individuals to the organisation, such as its mission, values, and modus operandi, may undergo alterations that render them unrecognisable. The workplace they embraced for its vision may start to blur into something unfamiliar.

For the employee, this can be akin to navigating uncharted territory. The cultural compass that once guided their professional journey might start pointing in different directions. The shared language and values that formed the bedrock of their commitment to the organisation may undergo shifts, leaving them feeling disconnected.

In such instances, questions naturally arise. Does the individual still resonate with the organisation’s mission? Are the changes congruent with their personal and professional values? Can they adapt to the evolving landscape, or does it create a sense of incongruity that raises doubts about their place within the organisation?

Opening The Gates To The Castle

Another angle in the maze of organisational dynamics is the possibility of individuals harbouring a sense of entitlement, perceiving themselves as indispensable or above the rules. This form of hubris, if left unchecked, can sow the seeds of discord and betrayal within the organisational fabric, especially when it takes on the insidious form of an insider threat.

When an individual within an organisation begins to feel entitled, believing their skills, position, or contributions grant them special privileges, it can bring trouble. If allowed to fester, the perception of one’s importance may diverge from the collective goals and values that bind a team or company together.

Consider the historical example of the betrayal of Constantinople during the Fourth Crusade.

In this instance, an individual, driven by a personal agenda and an inflated sense of importance, facilitated the downfall of an entire city by opening the gates from the inside.

Alexios Doukas, later known as Alexios IV Angelos, sought to secure his position on the Byzantine throne by colluding with the Crusaders. His perception of personal entitlement and the belief that his ambitions superseded the well-being of the entire city fuelled a betrayal that had far-reaching consequences, highlighting – literally – the insider threat from within.

Similarly, individuals who perceive themselves as indispensable in contemporary organisations may compromise the collective welfare for personal gain. Their sense of entitlement can manifest in actions detrimental to the organisation, eroding trust and cohesion.

Innocent But Still Deadly

In the complex interplay of organisational systems, the Deepwater Horizon oil spill in 2010 stands as a powerful illustration of how seemingly innocent actions, when not fully thought through, can cascade into disaster. This incident is a stark reminder that unintended consequences stemming from decisions made with the best intentions can have profound and far-reaching impacts.

The Deepwater Horizon, an offshore drilling rig operated by British Petroleum (BP), was symbolic of cutting-edge technology aimed at resource extraction from the Gulf of Mexico’s depths. However, an innocuous sequence of decisions and actions set the stage for an environmental catastrophe. A crucial cement seal on the well failed, and the blowout preventer, a failsafe mechanism, malfunctioned. These were not deliberate acts of misconduct but rather innocent actions, individually reasonable but collectively leading to a catastrophic outcome.

The lesson from Deepwater Horizon is that “the path to disaster is often paved with good intentions”.

The individuals involved likely did not foresee the devastating consequences of their contributing actions. This scenario underscores the critical importance of thoroughly evaluating the potential ramifications of decisions, especially in complex and high-stakes environments.

Within organisations, the parallel is clear: innocent actions, if not carefully considered, can unravel into crises. The aftermath can be severe, whether it’s a lack of foresight, incomplete risk assessments, or a failure to anticipate how seemingly minor decisions can compound.

Key Takeaway

  • Organisational Evolution: Organisations are dynamic entities subject to constant change, driven by shifts in leadership, strategic pivots, and responses to external factors. This evolutionary process can transform the organisational DNA, altering core aspects such as mission, values, and operational approaches. The challenge arises when these changes diverge from the initial identity of the organisation, potentially causing dissonance among employees who joined with a specific understanding of the company’s essence.
  • Employee Disconnection: Amid organisational evolution, employees may find themselves adrift in unfamiliar terrain. As the workplace shifts, the cultural compass that once guided their professional journey may start pointing in different directions. This shift can lead to a sense of disconnection as shared language and values that formed the foundation of their commitment to the organisation undergo alterations. Questions emerge about alignment with the evolving mission and whether employees can adapt to the changing landscape, fostering a potential disconnect between individuals and the organisation.
  • Insider Threats: Insider threats highlight the potential dangers within an organisation when individuals develop a sense of entitlement, perceiving themselves as indispensable. If left unchecked, this audacity can lead to actions detrimental to the collective welfare of the organisation, eroding trust and cohesion.
  • Organisation Culture: The foundational importance of organisational culture, which initially attracts individuals to a particular workplace, changes over time. However, evolution in leadership, strategy, or culture can lead to a transformation that renders the organisation unrecognisable, potentially causing friction with employees’ personal and professional values. Maintaining a cohesive organisational culture is essential to prevent disconnection among employees and mitigate the risks associated with insider threats.
  • Trust or Bust: The tragic incident of Germanwings Flight 9525 underscores the potential consequences of trust breakdowns in employee screening and mental health support. The evolving nature of organisations can lead to a rupture in trust when changes are not communicated transparently, fostering a sense of disconnection among employees. The concept of insider threats becomes more pronounced in an environment where trust is lacking, as individuals may feel compelled to act against the organisation’s interests due to a perceived absence of trustworthiness. The Deepwater Horizon example is a stark reminder that even with good intentions, a lack of trust in decision-making processes and risk assessments can lead to catastrophic failures. In essence, the “Trust or Bust” lens reinforces the idea that organisational success hinges on establishing and maintaining trust, and any failure in this regard can amplify the risks associated with employee disconnection, insider threats, and unintended consequences.

How Can We Help?

Naked Insider emerges from a profound recognition of the imperative for organisations to safeguard themselves against the risks and harm that trusted individuals, whether through intentional actions or inadvertent missteps, can pose.

In the dynamic landscape of modern organisational life, where each entity grapples with unique challenges, the potential impact of insider threats cannot be understated.

Our genesis is rooted in the understanding that an organisation’s risk profile is as distinctive as its fingerprint. Naked Insider steps into this space as a beacon of expertise. Whether navigating the potential complexities of intentional wrongdoing or addressing the unintended consequences of innocent actions, we bring a nuanced understanding to the forefront.

In a world where the consequences of insider threats can be profound and far-reaching, our mission is clear: to provide expert guidance on the best strategies for protecting your organisation’s critical assets both now and in the future.

We recognise that mitigating these risks requires more than a one-size-fits-all approach. It demands a deep dive into the intricacies of your organisation’s structure, culture, and operations.

Naked Insider is not just a consultancy. It is a dedicated partner committed to walking alongside you on the journey to fortify your organisation’s resilience.

Our team of seasoned professionals brings a wealth of experience in understanding the nuances of insider threats, ensuring that our advice is comprehensive and tailored to your specific needs.

As we navigate the complex terrain of organisational risks, let Naked Insider be your trusted ally in charting the best course forward. Our commitment is to empower your organisation with the insights and strategies needed to navigate the delicate balance between trust and protection, ensuring a secure future for your critical assets.

Your next best step is to book a complimentary consultation with a representative from Naked Insider.


Insider Threats In Focus: Predictions For 2024

Insider Threats In Focus

Predictions For 2024


Predictions, few words can provoke such extreme human emotions when it comes to weather, politics, health, the stock market, and sports.

2023 was such a rocky, uncertain, and emotional year, what with the continuing war between Ukraine and Russia, escalation conflicts between Israel and the Palestinians, China’s Spy Balloon, and record-breaking extreme weather, India surpassed China as the world’s most populous country, King Charles III was coronated in the UK and the adoption of artificial intelligence by the mainstream.

The future is a strange place, filled with fear and anxiety. We presume it will look like now apart from the different bits and pieces.

When it comes to Insider Threat predictions, what does 2024 hold for us?

Most of us agree that insider threats will either remain the same or worsen.

You can argue that it isn’t so much a prediction but more of a trend. In truth, you are right. In reality, things will only get worse. Let me tell you why.


In 2024, there will be significant changes to the insider threat landscape, with a few key predictions taking centre stage in order of importance.

1. AI Threat – The most significant is the advent of artificial intelligence-based attacks, representing a paradigm shift in insider threat issues.

2. Increased Economic Pressures – Financial hardships like rising inflation and cost-of-living crises create motives for employee fraud and data theft.

3. Rise In Insider Attacks – There will be a greater emphasis on outsiders attempting to target privileged users within organisations, whether they be rivals, foreign governments, or other entities.

4. Social And Geopolitical Pressures – Increased cyber activity targeting elections and critical infrastructure due to tensions between nations is a high possibility.

5. Rise Of Data Privacy Concerns – With increasing regulations, organisations face additional pressure to protect sensitive personal data. Insider threats can lead to significant data breaches and compliance violations.

6. Hybrid Workforce Persists – The hybrid workforce is expected to continue and, driven by employee demands and cost flexibility for employers, will continue to push challenges for managing insider risks.

People may think they are somehow immune to a business breach. They may trust their security controls, thinking they have amazing impenetrable defences. They may put their trust in “flying under the radar” or believe they are too small to have a breach. But this thinking assumes breaches come from the outside, from bad actors external to the organisation. What they fail to take into account is the risk of an insider breach.

Ready or not, this is the most likely to happen in 2024. And the main thing is to “keep calm and don’t panic”.

Prediction #1

AI Emergence As An Insider Threat

It’s been a while since IBM Big Blue defeated renowned Garry Kasparov in a chess battle. That was back in 1997, some twenty-seven years ago.

In February 2011, IBM’s Watson DeepQA computer made history by defeating the two foremost all-time champions of the TV quiz show Jeopardy!

In March 2016, the strongest Go player in the world lost to Google’s DeepMind AlphaGo.

While the closely watched Jeopardy and Go competitions showed how computers powered by machine learning and artificial intelligence can outperform humans and benefit society, concerns have also arisen about the technology’s darker side.

The fantastic adoption of AI has been both an astonishing and a dark cloud.

AI has transformed how firms run by automating repetitive operations and empowering data-driven decision-making.

However, even as we employ AI to improve business processes, streamline operations and enhance decision-making, we must also consider how it may contribute to cyber and insider threats.

One reason cybercrime has rapidly accelerated is the lower barrier to entry for malicious actors.

Cybercriminals have evolved their business models, offering subscription services and starter kits. The use of large language models like ChatGPT to write malicious code also highlights the potential cybersecurity challenges.

Because of these threats, all business leaders in today’s digital world must know about AI’s developments in cybersecurity.

On the other hand, AI is also becoming an essential tool in the fight against cybercrime.

The question is, will AI change the insider threat landscape?

Yes, that is the simple answer. AI can and will change the insider threat landscape from a positive and negative context.

Detection And Prevention

  • Positive impact: AI can enhance the detection capabilities of organisations by analysing vast amounts of data to identify patterns and anomalies.
  • Negative impact: Sophisticated attackers may leverage AI to develop more sophisticated and evasive attacks, making it challenging for traditional security measures to keep up

Behavioural Analysis

  • Positive impact: AI-driven behavioural analytics can help organisations understand typical user behaviour and identify deviations that may suggest malicious intent.
  • Negative impact: Misinterpretation of behavioural data or false positives may lead to unnecessary suspicion or false accusations against employees.

Automation Of Attacks

  • Positive impact: AI can automate the detection and response to insider threats, enabling faster reaction times and reducing the potential damage caused by malicious insiders.
  • Negative impact: Malicious insiders may also use AI to automate attacks, making them more efficient and challenging to detect.

Data Protection

  • Positive impact: AI can assist in encrypting and protecting sensitive data, making it more challenging for insiders to access or exfiltrate critical information.
  • Negative impact: Poorly implemented or insecure data handling practices within AI applications may inadvertently expose sensitive data. Furthermore, malicious insiders may intentionally exploit AI systems to leak sensitive information.

Insider Collaboration

  • Positive impact: Organisations can proactively monitor and detect insider collaboration with AI, enhancing their ability to prevent and respond to sophisticated attacks.
  • Negative impact: Insiders may use AI tools to augment their malicious activities, making it more challenging for security systems to discern between legitimate and nefarious actions.

Privacy Concerns

  • Positive impact: Organisations can implement ethical AI practices and privacy-preserving technologies to balance security measures with employee privacy, addressing concerns and complying with regulations.
  • Negative impact: Poorly implemented AI monitoring may infringe on employee privacy, leading to legal and ethical challenges and potentially damaging the trust between employees and the organisation.

What Is The Short-Term Outlook?

Sure, AI is being used to amplify the capability of bad actors by developing more sophisticated malware and facilitating cyberattacks from systems like FraudGPT.

AI can be increasingly used for social engineering attacks, such as automated spear phishing and convincing interactions with victims using email, voice, and text communications.

In reality, it will be a while before AI can think independently and decide between good and bad. It will be some time in the future when it can act like a “human” and become a true insider.

Prediction #2

Increased Economic Pressures

Today’s organisational behaviour scenario is as dynamic as the environments in which organisations function. It’s a blend of trials and triumphs, where the key lies in using the right approach to minimise the trials and optimise the triumphs.

One of the main challenges and opportunities facing organisations is the increasing economic pressure.

Economic pressure has been rising globally due to several key measures such as the slowdown of GDP growth (like in China), rising unemployment, declining consumer spending due to price increases that we have seen in the Western world, reduced business spending and confidence, political unrest, conflict in parts of the world and the global deterioration in trust.

In today’s global economy, trust is king. Trust is the social underpinning of social behaviour and social reality. When mistrust and suspicion grow, it becomes even more difficult to transact, and costs, therefore, increase, as can be noted in the following equation (source: The Speed of Trust by Stephen M.R. Covey)

What are the consequences of economic pressure on organisations, therefore?

Economic downturns can profoundly impact organisations, extending beyond the immediate financial challenges.

Increasing economic pressure on organisations can have notable consequences, potentially heightening the risk of insider threats.

Job insecurity stemming from layoffs or hiring freezes may lead disgruntled employees to engage in malicious activities, exploiting their access to sensitive information.

Financial strain, salary freezes, and benefit reductions can foster discontent, making employees susceptible to engaging in insider threats for personal gain or retaliation.

Increased workloads due to downsizing can contribute to burnout, affecting judgment and potentially leading to security lapses.

Communication challenges and a lack of transparency during economic downturns may create an environment where employees feel disconnected or undervalued, increasing the likelihood of insider threats as individuals may perceive a diminished commitment to their well-being.

Organisational and employee stress intensifies due to factors such as job insecurity stemming from layoffs and downsizing, increased workloads due to reduced staffing, and financial strain caused by salary freezes and benefit cuts.

Overall, economic can amplify internal vulnerabilities, necessitating proactive measures to mitigate insider threats and maintain organisational security.

The increased economic pressure will certainly have a cascading effect, as depicted in the above diagram.

Prediction #3

Rise In Insider Attacks

Insider threats represent a significant and evolving challenge for organisations.

According to IBM, the X-Force Threat Intelligence Index 2023 reported a 13% increase in insider threats year-over-year.

Another report from Bridwell shows that around 77% of organisations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyber threats in the last three years.

A further report from GURUCUL in their 2023 Insider Threat Report revealed that 74% of organisations say insider attacks have become more frequent.

The latest Verizon 2023 Data Breach Investigation Report found that insider threats accounted for 22% of all data breaches.

These studies suggest that there is a growing problem for organisations of all sizes.

Cause Of Growth

A number of factors in the changing landscape may explain this rising threat. However, there’s no single cause for the rise of insider attacks, but rather a complex mix of factors contributing to this trend. Here are some key points to consider:

Increased Temptation – The explosion of sensitive data stored electronically has become a double-edged sword, creating both immense value and significant vulnerability. This treasure trove of information, from financial records to intellectual property, attracts competitors, malicious actors and nation-state sponsors.

The ease of copying and transferring electronic data compared to physical records lowers the barrier to entry for attackers, even those with limited technical skills.

Furthermore, the sheer volume of data collected often leads to sprawl, creating blind spots and increasing the attack surface. This combination of temptation, opportunity, and ease of execution fuels the rise of insider attacks.

Increased Accessibility – Increased accessibility fuels the rise of insider threats. This accessibility stems from remote work, broader employee roles, and data sprawl, creating multiple entry points for malicious actors. The ease of copying and transferring electronic data compared to physical records further simplifies potential attacks, even for those with limited technical expertise.

Increased Sophistication Of Bad Actors – Gone are the days of basic malware and phishing attempts.

Today’s attackers wield various advanced tools and techniques, from social engineering, that manipulate employees into granting access to custom malware designed to evade detection. They exploit software vulnerabilities, collaborate through Cybercrime-as-a-Service (CaaS) platforms, and even form insider networks to orchestrate targeted attacks.

Attackers now target organisations for espionage, disruption, or reputational damage. Hacktivist groups with ideological agendas and nation-state actors pursuing strategic goals increasingly employ insider tactics. This diversity of motivations and the potential for broader impact raise organisational stakes.

Increased Targeting Of Insiders Within Critical Infrastructure – Attacks on critical infrastructure have become more frequent and severe.

While critical infrastructure’s high value attracts attacks, it also makes its insiders highly prized targets. Malicious actors increasingly recruit, coerce, or bribe insiders to gain access to these systems. These insiders, with legitimate authorisation and knowledge of security protocols, pose a unique and dangerous threat. They can bypass traditional security measures and inflict more significant damage than external attackers alone.

The question is, will 2024 be any different?

Based on the reports and the reasons we have mentioned, it’s difficult to predict whether 2024 will see even worse insider threat attacks than 2023.

However, the evidence and other trends suggest that we should be prepared for the continued rise of insider threats in 2024.

Prediction #4

Social And Geopolitical Pressures

The relentless flow of news stories is centred chiefly around cyberattacks, hacks, and breaches. Criminals and hackers don’t seem to take a rest and are always ready to breach the organisations’ defences.

The cyber threats to an organisation can be overwhelming, and it can be easy to become distracted by the latest vulnerability or breach.

The daily news reminds us that the world is becoming a very uncertain and dangerous place.

Geopolitical threats from hostile foreign powers extend beyond government and military targets as disinformation and disruption have become tactics across business and society.

If you think about it on a basic level, there is no more significant threat than uncertainty.

You may be uncertain whether you are a target, but at least you know that a committed bad actor will look for all vulnerable doors into your business, including your people. That’s a certainty.

You may be uncertain whether an outsider has recruited any of your employees for corporate espionage activities. Still, at least you know for certain that such activities could significantly harm your organisation.

You may be uncertain, not knowing what geopolitical event will occur, but you do know that it may impact your organisation significantly.

State-Sponsored Attacks

Businesses and their infrastructure are getting swept up in international affairs at a rapidly increasing rate.

We see competition or animosity between nation-states playing out via the theatre of cyberwar.

Nation-states increasingly utilise insider threats as a key tactic in their cyberattacks.

This involves recruiting individuals with authorised access to infiltrate organisations and steal sensitive data, disrupt critical infrastructure, or facilitate further compromise.

These attacks have a high chance of success and are challenging to attribute because they exploit insiders’ knowledge and bypass external security measures.

Recruitment methods include targeting disgruntled employees, exploiting personal vulnerabilities, or utilising pre-existing networks.

Once recruited, insiders can steal data, sabotage systems, create backdoors, or grant access to external attackers.

In an article published late in 2023 by Reuters, state-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure and businesses.

What evidence do we see?

  • According to Tom Burt, corporate VP of customer security & trust at Microsoft, there has been a “disturbing” increase in aggressive nation-state cyber activity in the past year. This is based on their 2022 Microsoft Digital Defence report.
  • An article published by Reuters in late 2023 indicated that there has been a rise in sponsored groups targeting critical infrastructure in Australia. (source:

Corporate And Economic Espionage

The globe has become a moving chessboard where each nation pulls and pushes strings in the background. Some countries are striving for dominance. Some countries are fighting for survival.

2024 will see trade wars, tensions escalate, and economic instability rise.

This complex geopolitical game spills over into the corporate world, fuelling a rise in corporate espionage. Companies become pawns where their secrets are wanted, like winning strategies.

What signs do we see of increasing espionage?

  • The domestic intelligence chiefs of the Five Eyes (Australian Security Intelligence Organisation (ASIO), the Canadian Security Intelligence Service (CSIS), the Federal Bureau of Investigation (FBI), and the New Zealand Security Intelligence Service (NZSIS)) alliance warned businesses in October 2023 that they were seeing a “sharp rise” in attempts by hostile states to steal intellectual property.
  • ASIO warning Australian citizens of foreign interference, espionage and terrorism. (Source:

Social Risks

Geopolitical risk is not only about high-profile international events, conflicts, or shifts. It refers to the potential for societal harm caused by various factors interacting on a global scale. These risks can manifest in diverse ways, impacting individuals, communities, and entire nations.

Social risks and insider threats are intricately linked in the complex tapestry of geopolitics. They feed off each other, creating a vicious cycle with devastating consequences. Here’s how:

Disinformation and propaganda: The manipulation of information can create fertile ground for insider threats. Imagine an employee exposed to constant narratives demonising a specific group. This individual, already grappling with personal frustrations or economic hardships, might become vulnerable to radicalisation. State actors or extremist groups can exploit this vulnerability, recruiting them to commit insider acts as a twisted form of “patriotism” or revenge.

Cybersecurity threats: Imagine disgruntled employees manipulated by online disinformation campaigns questioning their company’s ethics or involvement in international conflicts. The erosion of trust can lead them to leak sensitive data or sabotage systems, believing they are exposing wrongdoing.

Mass displacement and migration: Imagine an individual fleeing conflict or persecution, harbouring deep resentment towards their former government. Their desperation and lack of loyalty could be exploited if offered employment with access to critical infrastructure or sensitive information. This individual becomes a potential insider threat, susceptible to coercion or bribery to engage in espionage or sabotage against their former nation.

Erosion of human rights and freedoms: When governments crackdown on dissent, they inadvertently push potential whistleblowers into the shadows. Imagine a scientist witnessing unethical practices within a military program. Unable to voice their concerns through official channels due to fear of repression, they might resort to leaking classified information anonymously, becoming an insider threat driven by a desire for justice and accountability.

Are we seeing evidence of an increase in social risks?

There is plenty of evidence that there have been significant trends that point towards evolving and concerning landscape. For example:

  • Social media platforms like Facebook and Twitter have faced ongoing criticism for their inability to effectively curb the spread of harmful content, including hate speech and propaganda.
  • Studies by RAND Corporation and Oxford University show a surge in manipulated media content and coordinated disinformation campaigns online, often linked to specific geopolitical agendas.
  • Reports by the World Economic Forum and the Global Cyber Security Index highlight a steady rise in cyberattacks, with nation-states increasingly targeting critical infrastructure and sensitive data.
  • The United Nations High Commissioner for Refugees reports that 117.2 million people were forcibly displaced worldwide as of the end of 2023.
Prediction #5

Rise Of Data Privacy Concerns

It should come as no surprise that one of the day’s main issues is data privacy.

Our world has become increasingly data-driven, and digital platforms have revolutionised the way we work, play, and interact with one another.

However, this concerning development has forced us to share information online, continuously expanding our digital data portfolio and increasing the likelihood of misusing it.

Since GDPR came into effect in 2018 in Europe, more and more countries have followed suit. The shift toward consumer data protection across the globe has resulted in OAIC (Australia), CCPA (California), LGPD (Brazil), PIPL (China) and POPIA (South Africa), among others.

When it comes to data privacy, a lot is at stake.

It’s not surprising, therefore, that we can expect to see even more data privacy laws being adopted. This is due to several factors, including:

  1. The growing application of new technologies, including big data and artificial intelligence. Large volumes of personal data can be gathered and processed by these technologies, and the resulting information can be used to alter people’s behaviour, follow their activities, and draw conclusions about their personal lives.
  2. The increasing recognition of the importance of personal data. Organisations are becoming more conscious of the fact that they can benefit from the collection and sale of personal data to outside parties. Concerns about improper use of personal data and demands for more robust privacy protections have resulted.
  3. The fragility of personal data is highlighted by the rising frequency of well-publicized data breaches (like the Medicare and Optus breach in Australia). These hacks have damaged the public’s confidence in governments and corporations, and it is now evident that more has to be done to protect personal information.

How will the increase in data privacy concerns affect insider risk management?

When it comes to insider risk management, the growing number of concerns around data protection is a double-edged sword.

While it raises awareness and potentially fuels investment in Insider Risk Management Programs, it also introduces new complexities and challenges that require adaptation. Here’s a breakdown of both sides:

Negative Impacts

  • Limited capability made worse: Increasing data privacy governance presents an additional complex set of challenges for organisations already challenged with managing insider risks.
  • Data breach amplified: Increasing data privacy governance could allow insiders with malicious intent to take advantage of the situation to cause harm to the organisation, knowing full well the increasing severity of regulatory sanctions that are levied on organisations when they experience a data breach.
  • Intrusive monitoring: Increasing data privacy governance could add another layer of intrusiveness by implementing further monitoring measures to detect insider threats. This can raise privacy concerns for employees, potentially creating a feeling of being spied on. In addition, it can erode trust and morale, hindering productivity and collaboration.
  • Financial and operation losses: Insider incidents can lead to data breaches and leaks, causing more significant financial losses due to fines, lawsuits, reputational damage, lost business opportunities and increasing regulatory penalties.

Positive Impacts

  • Increase awareness and investment – Data privacy breaches often grab headlines, making organisations and the public more aware of the potential dangers posed by insider threats. This heightened awareness can increase investment in Insider Risk Management Programs, resources, and technologies.
  • Focus on Data Governance: Stringent data privacy regulations often demand robust data governance frameworks to effectively classify and protect sensitive information. Aligning Insider Risk Management Programs and data governance goals can improve data security overall.
  • Proactive approach: Data privacy concerns emphasise preventing data breaches rather than simply reacting to them. This can drive Insider Risk management Programs towards a more proactive approach, focusing on employee training, threat detection, and vulnerability management.

It’s critical to make clear that there is more going on here than just a straightforward cause-and-effect link between insider threats and data privacy problems.

While it’s true that growing privacy concerns may give rise to some circumstances that could increase the likelihood of insider threats, an increase in insider threats could also lead to an escalation in privacy governance.

Prediction #6

Hybrid Workforce Persists

Working in the office can sometimes feel like being in a fishbowl with employees swimming around in circles, waiting to be fed their next assignment.

The COVID-19 pandemic has catalysed workplace change, forcing employers to adapt to remote work and re-evaluate their traditional office-based models.

Needless to say, this created a state of anxiety, apprehension and high alert. The perception and awareness of doing business as usual ran out of the door.

Emotions were running high. Stress swelled. Fear was in everyone’s mind.

Such an environment will most likely lead to insiders making mistakes, losing sensitive information, and potentially damaging critical assets, intentionally or accidentally.

In times of severe stress, human beings will revert to the most fundamental instinct—“survival”, and consequently, logical thoughts will be thrown out of the window.

People are an organisation’s most important asset, but people are also human.

A large proportion of the global workforce operating outside the office has created new problems. The increased reliance on cloud systems, coupled with potential financial pressure, job insecurity, unfamiliar circumstances, and the general anxiety of a global pandemic, have created a perfect storm.

According to the Ponemon Report, 2022 saw a 34% increase in insider threat incidents. (source:

Will The Hybrid Workforce Continue?

Focus on the pandemic may be receding, but the hybrid work model appears to have a staying power.

According to the Littler Mendelson PC report, over 70% of US employers embrace hybrid work models. (source:

Despite economic uncertainty and layoffs at major organisations, only 20% of respondents believe in returning to a more in-person work environment.

While the hybrid work model offers many benefits for both employees and employers, it also increases the opportunity for insider threats.

  • Blurred lines: Physical and digital boundaries between work and personal life can blur in a remote setting, making monitoring data access and activity harder. This can create opportunities for individuals to engage in unauthorised activities without immediate detection.
  • Reduced visibility: Monitoring network activity and data access are more complex when employees are not physically present in the office, making it harder to identify suspicious behaviour in real time.
  • Poor data management: In many cases, employees accidentally violate security regulations and download corporate sensitive data onto their unsecured devices, making them uncontrolled by their organisation and exposing them to regulatory risk.
  • Poor cyber hygiene: Working from home and probably using their own computers as work devices without the proper cyber hygiene they were accustomed to while in the office posed a greater risk to the organisation.
  • More opportunities to abuse organisation assets: Outside of the watchful eye of the security and IT teams, malicious insiders have more opportunities to create trouble. They can steal data, share it with hacker groups, engage in espionage, or practice insider trading. For example, another new threat that has emerged in the last two years is cybercriminals and state-sponsored offering insiders’ money to help breach the company network.

How Will You Prepare For 2024?

“Success is where preparation and opportunity meet”. This statement beautifully embodies the delicate balance between being ready and seizing the right moment.

In the world of protecting an organisation’s critical assets, success comes from being ready and spotting trouble at first sign.

Preparation and opportunity can be defined in the following:

  • Secure: Being secure means investing in cost-justified security controls to protect the organisation’s most important assets.
  • Vigilance: Being vigilant means putting more significant effort into gaining insights around visibility and insights into threats that could harm these critical assets.
  • Resilience: Resilience means seeking to respond more effectively when an organisation’s businesses or systems have been disturbed and returning to normal operations as quickly as possible.

The insider threat problem presents different challenges to organisations attempting to go beyond information technology management and establish a robust risk management program.

If you are a cyber risk manager struggling to manage risks from insiders, then you are not alone.

Insider threats is not a technology problem. Insider activity, especially if they are malicious, moves along a continuum from idea to action. Such employees will find ways to evade security controls, making themselves so much harder to detect.

If you are a C-level executive or a board member and struggle with overcoming risk-spot blindness, then you are not alone.

Insider threats aren’t just the immediate damage they can inflict but the broader cascading effect on the organisation’s reputation, finances, competitive edge, and long-term stability.

The challenge lies in proactively preparing a culture of trust, vigilance, and security awareness while implementing robust security measures to prevent, detect, deter and mitigate insider threats before they materialise.

If you want to build an insider threat program for your organisation and require expert advice to guide you on your journey, please register your details
Alternatively, register your interest in the upcoming course “Building An Insider Threat Program”

Rising Risk: The Escalating Menace Of Insider Threats In Small To Medium-Sized Businesses

Rising Risk: The Escalating Menace Of Insider Threats In Small To Medium-Sized Businesses

When considering insider threats, the familiar mental image often involves envisioning an undercover operative or a double agent with a singular objective: The covert extraction of sensitive information from large and technologically advanced corporations. The portrayal of such scenarios in James Bond films effectively establishes the backdrop for this perception.

However, insider threats are much more widespread than many people realise.

While we may think that large organisations are the perfect target for such scenarios, small to medium-sized businesses (SMEs) also suffer the consequences of a breach of trust.

In fact, insider threats pose a serious risk in any business environment, but they can be disastrous for SMEs.

Take the Example of the Largest Municipal Fraud in American History

What happened?

Rita Crundwell stole over $53 million of public funds across two decades in office as the City Comptroller and Treasurer for Dixon, Illinois, a town with a population of just 16,000.

She used the funds to build one of the nation’s leading quarter horse breeding empires and threw lavish parties for community leaders at her home, all while the town endured cuts to public staff, emergency services budgets, and work on maintaining public infrastructure.

In 2012, after a close colleague turned whistleblower finally uncovered her scheme and alerted the Mayor, the FBI arrested Crundwell as the largest municipal fraud perpetrator in American history.


  • How did Rita Crundwell steal over $37,000 daily from a town with an annual budget of around $6 million?
  • How could such embezzlement go undetected in annual audits by two independent accounting firms and in annual audit reviews by state regulators?
  • How did local residents not become suspicious of Crundwell’s extravagant wealth and frivolous spending?

Feature film

This story has turned into a feature film called “All the Queens Horses” and tells the story of Rita Crundwell, the perpetrator of the largest case of municipal fraud in American history.

When business owners focus towards safeguarding their enterprises, the primary emphasis is frequently placed on countering cybersecurity threats.

Cyberattacks like phishing, social engineering, malware and other direct cyber assaults aimed at compromising the integrity of business computer systems are a vital concern.

However, not all threats originate from outside your organisation. Insider threats are a real security risk, and there are many types that you should be aware of if you want to ensure your business is protected.

This article will examine why SMEs must proactively identify hidden dangers to their business.

What Are Insider Threats?

To start with, let’s define insider threats.

An insider is anyone who has or had authorised access to your business assets. This insider can be your employee, a contractor, a former employee, a trusted third party, a partner, a vendor, or even a former employee.

Insider threat can be defined as the potential for an individual who has or had authorised access to an organisation’s assets to use their access, either maliciously or unintentionally, to act in a way that could cause harm to the organisation’s assets.

Types Of Insider Threats

Insider threats can be broken into two groups: Malicious and non-Malicious.

What makes them different is the intention. There is a motive.

  • Malicious threats are those that intend to cause harm and negatively affect their organisations.
  • Non-malicious (accidental) are those people who, through their actions, unknowingly (without intention) cause harm.

Malicious Insider Threats

The principal goals of malicious insider threats include espionage, fraud, intellectual property theft, sabotage and misuse of information. They intentionally abuse their privileged access to steal information or degrade systems for financial, personal and/or malicious reasons.

What motivates people to intentionally cause harm to their organisation? The most simplistic explanation that the community tends to talk about is “MICE”, which can be explained as follows:

  1. M for Money: This refers to individuals motivated by financial gain. Insider threats driven by the desire for monetary rewards may involve theft, fraud, or the unauthorised sale of sensitive information.
  2. I for Ideology: Individuals motivated by ideology are guided by strong beliefs or convictions. Insider threats in this category may arise when employees align themselves with a particular ideology or cause that conflicts with the organisation’s interests.
  3. C for Coercion: Coercion involves using force, threats, or other pressure to compel individuals to act against their will. Insiders may become threats if they are coerced into compromising the organisation’s security.
  4. E for Ego: Ego-driven motivations involve individuals seeking recognition, status, or personal satisfaction. Insider threats with ego motivations may manifest as employees who attempt to prove their capabilities, challenge the system, or seek revenge for perceived slights.

Non-malicious Threats

Although “malicious insider threats” tend to be the subject of newsworthy media stories, most insider incidents are caused accidentally through carelessness, negligence, or ignorant actions.

  • Negligence refers to taking those who do not take reasonable care or fulfil a duty of care. Such people may disregard safety protocols or rush through their jobs without reasonable care, which can harm themselves or their organisation. For example, someone who clicks on a link or opens a malicious attachment.
  • Carelessness refers to a lack of attention that results in mistakes or accidents. For example, someone who may leave sensitive information lying around.
  • Ignorance refers to someone making poor decisions and failing to follow the rules or guidelines due to a lack of knowledge or awareness about a particular situation.

Common Examples of Unintentional Insider Threats:

  • Clicking on malicious phishing links
  • Opening up malicious attachments
  • Falling for social engineering attacks
  • Send confidential data to the wrong recipient
  • Ignoring security policies
  • Oversharing personal and confidential information on social media
  • Careless use of USB drives
  • Using easily guessable passwords

What Are The Most Significant Insider Threats Facing SMEs?

While I have outlined the different types of insider threats above, here are some of the more troubling threats that SMEs need to be aware of.

Workplace Embezzlement

Embezzlement is the misuse or theft of company funds or company property. Embezzlement occurs when funds or resources from a business are misused for personal gain.

There are a variety of ways that an employee or business owner can steal or misappropriate resources. Here are some of them:

  • Stealing money from cash registers – Employees may void the transaction and keep the money for themselves
  • Cashing customer checks – Employee sets up a bank account similar to the company, and they then cash customer money
  • Overbilling customers – Employee may charge customers more than the company’s rate and pocket the difference
  • Forging payments – Employees writing company checks to themselves
  • Faking vendor payments – Employee sets up a fake vendor account and sends that money to themselves
  • Stealing customer credit card details – Employee uses customer card to buy goods and services for themselves
  • Stealing cash – Taking small amounts of money and hoping no one notices.
  • Stealing office supplies – Stealing the company’s assets and tasking it home
  • Stealing tax funds / returns – Employees responsible for tax payments may keep that money.
  • Using company resources to start/run their business – Employee uses company time, equipment, or funds to start their own business without their knowledge
  • Creating ghost employees – Employees who control payroll may set up fake employees on the system but pay these false employees to accounts that this person owns.

Employee embezzlement can have significant and wide-ranging impacts on an organisation. Some of the critical consequences include:

  • Financial loss
  • Erosion of trust
  • Reputation damage
  • Operation disruptions
  • Legal significances
  • Loss of productivity
  • Employee morale
  • Increased security measures
  • Long-term effects

The following is a real story of how an IT manager defrauded the organisation for which he worked.

Example: IT Manager Defrauded $1.7 Million from a TAFE in Western Sydney

What happened?

Ronald Cordoba was acting manager of information and communications technology services at the TAFE NSW South Western Sydney Institute.

He admitted using his position as ICT manager at the TAFE to sign off on $1.7 million worth of invoices from a company he had set up called ITD Pty Ltd.

For example, he charged the TAFE $150,000 for two year’s worth of Dropbox enterprise licenses, which he had bought from Dropbox for a little over $70,000.

He conducted email exchanges between himself and a fake ITD account manager called ‘Alicia’ to copy in colleagues and maintain the semblance of a legitimate third-party provider.

He also admitted to buying dozens of products that the TAFE never received.

Workplace Theft

The above example clearly demonstrates the interconnectedness between the physical-cyber-human world. No amount of cybersecurity tools would have stopped this crime from taking place

Managing Risk And Uncertainty

At first glance, “employee theft” might evoke images of a staff member discreetly leaving with office supplies like pens or a stack of paper. However, upon closer inspection, it becomes clear that this issue extends beyond physical items. Employee theft manifests in diverse forms and complexities, from the misuse of company time for personal activities to more intricate forms of dishonesty.

  • Time theft – Using company time to conduct personal businesses or simply not working while on the clock
  • Data theft – Stealing company intellectual property and other company data, including sensitive or confidential information
  • Financial theft – Stealing company funds, including diversion of funds or payments before they get recorded by the company
  • Customer theft – Pocketing payments from customers without recording the transaction
  • Identity theft – Using a colleague’s personal information for identity theft or fraud
  • Software theft – Stealing organisation software and licenses for personal use or to sell
  • Hardware theft – Taking organisation hardware for personal use or to sell
  • Inventory theft – Taking the company’s equipment, tools or inventory for personal use or sale.
  • Services theft – When an employee uses a service for personal gain without permission from their company

Workplace theft can significantly impact an organisation’s financial health, reputation, and overall functioning, similar to workplace embezzlement.

Here are some statistics that you should know:

  • 34% of fraud cases in small businesses are internal/employee-related (Verizon Report – Very Small Business Cybercrime Protection Sheet)
  • 22% of small business owners have had employees steal from them (
  • 88% of employee theft cases include attempts to hide the fraud (Association of Certified Fraud Examiners: Occupation Fraud 2022)
  • Small businesses are more likely to deal with check and payment tampering and skimming than other businesses (ACFE)

What Can You Do To Mitigate The Risk?

While large enterprises have taken considerable measures to combat insider threats through an insider threat program (through prevention, detection, deterrence and response measures), small and medium-sized businesses have been left vulnerable due to their lack of financial, IT resources and internal expertise.

While it’s essential to understand how devastating insider threats can be, there is a way to reduce the risk for your organisation.

Some Essential Points

  1. Insider threat is a business, not a technology problem. You are dealing with people’s beliefs, values, emotions, habits and needs that change dynamically over time.
  2. It is essential to realise that every organisation is unique, and the type of threats it faces will be different due to the type of assets it holds and the strategies it tries to execute.
  3. Protecting everything is a useless goal. While perhaps it’s not impossible, it is economically impractical and will likely impede important business initiatives.

Concept Of The Three-legged Chair

The three-legged principle works as follows: It takes only three principles working together to protect yourself, your family or your organisation from insider threats. If one of the three-legged stools is missing or broken, it will not support you

  1. You must accurately judge trust.
    • Begin with the hiring process – Companies should verify a candidate’s character capabilities and skill set with thorough background checks.
    • Establish clear security policies – Establish and enforce organisation cybersecurity policies. So much of the employee conduct will be guided by what the organisation considers safe and acceptable use.
    • Nurture cyber awareness within the organisation – Create a cyber and insider threat awareness culture. Staff should undergo regular training so that they have the confidence to identify both external cybersecurity threats and internal risks that could potentially harm the organisation. People cannot protect themselves or the business from risks they aren’t aware of
    • Have strict offboarding procedures – Since many malicious insider threats originate with former employees, it is critical to take fast action to terminate employee accounts and access them as soon as an individual leaves the company. This should significantly reduce any risk imposed by disgruntled or departed employees.
  2. You must accurately judge access
    • Know your critical assets – Inventorying your assets is crucial for implementing the required security controls and policy measures to protect them.
    • Limit strict access controls on what people can do – Organisations should use stringent password and account management policies and practices to prevent insiders from compromising user accounts.
    • Enforce separation of duties – Separation of duties requires dividing functions among multiple people to limit the possibility that one workforce member could steal information or commit fraud.
  3. You must be vigilant
    • Anticipate and manage risky behaviour – Ensure clear and consistent communication with your workforce about acceptable workplace behaviour to avoid any unexpected negative situations.
    • Pay attention to possible insider threat indicators – One of the most effective ways to reduce the risk of insider attacks is to monitor employee behaviour for known threat indicators. For example, if their behaviour has changed somewhat from their everyday activities.
    • Maintain good cybersecurity Hygiene – Practicing strong cyber hygiene goes a long way towards protecting your business from insider threats and deterring would-be bad actors in the first place.


Damage and the risk of damage from trusted insiders are not new for small to medium size businesses. There are plenty of stories, both malicious and unintentional, that have caused damage and sorrow.

A common misconception for SMEs is an idea of security through obscurity that your business is too small to be a target, but unfortunately, this is not the case.

SMEs hold valuable assets and are a much easier target given that they have less stringent technological defences, less awareness of threats and less time and resources to protect themselves effectively.

The impact of security breaches on SMEs is more substantial than for larger organisations. The costs to the business are proportionately higher. Lost customers. Lost brand confidence. Lost proprietary IP. Lost vendor relationships. Loss of reputation. And potentially loss of business.

Running a business is no small feat. It requires dedication, hard work and smart decision making.

When it comes to securing your business from insider threats, consider the three-legged analogy. Remember that no security measure is future-proof, so doing the little things well and continuously adapting to new changes within your business is the key to protecting your business.


Risky Behaviour Of An Insider Threat — The Cheating Employee

Risky Behaviour Of An Insider Threat — The Cheating Employee

In 2015, Volkswagen admitted to creating a device that allowed the company’s vehicles to cheat emissions tests in the United States and had a $5.7 billion settlement.

The following year, Wells Fargo revealed that 5,300 employees had secretly opened millions of phony accounts in an attempt to hit sales targets and receive bonuses.

Close to home, a report from the Australian Securities and Investments Commission (ASIC) found that clients were being charged fees without providing advice by banks and major financial institutions.

What Is Cheating?

Cheating can be defined as behaving dishonestly or unfairly to gain an advantage or achieve a desired outcome.

In many cases, cheating involves breaking the rules, regulations, or social norms to obtain an unfair advantage or benefit.

Cheating in the workplace refers to the act of intentionally misrepresenting information, data, or behaviour for personal gain or advantage.

Employees may cheat by engaging in fraudulent or unethical behaviour, such as misrepresenting their qualifications or experience, falsifying records, or stealing company resources.

In the workplace, cheating can have severe consequences for the individual and the organisation.

When employees cheat, they can undermine the organisation’s trust and credibility and harm the company’s reputation.

In addition, cheating can lead to financial losses, legal consequences, and a loss of trust among customers and other stakeholders.

Example: Australia’s Biggest Insider Trading Heist

What happened?

It is alleged that an employee at the Australian Bureau of Statistics (ABS) who had access to unreleased jobs, retail and trade data could provide this information to his friend working at the Australian National Bank.

They used the yet-to-be-released government data to place bets in the foreign exchange market. The former National Australia Bank trader turned $10,000 of seed money into $7.8 million before both men were arrested in May 2014.

Fictitious Scenario:

John is a mid-level manager at a manufacturing company. He has been with the company for several years and is well-respected by his colleagues and superiors.

However, John has recently fallen on hard times financially and has started to feel pressure to maintain his lavish lifestyle.

To maintain his lifestyle, John manipulates the company’s inventory records. For example, he starts to record that certain high-value items have been sold when in reality, they are still in stock. He then takes the items and sells them on the black market for a significant profit.

John’s fraudulent behaviour goes undetected for several months, during which time the company starts to experience a significant loss in revenue.

As the company’s profits continue to decline, the CEO launches an investigation into the company’s finances.

Through the investigation, it is discovered that John has been manipulating inventory records and stealing high-value items for his own personal gain.

The company is forced to take legal action against John and terminates his employment.

The damage to the company is significant, not only in terms of the financial losses incurred but also in terms of the loss of trust and reputation in the marketplace.

What Causes Employees To Cheat At Work?

There are many reasons why individuals may engage in cheating in the workplace.

One reason is that they may face life pressure or must meet unrealistic targets or deadlines. This can create a sense of desperation and lead them to engage in unethical behaviour to meet their goals.

Another thought, employees may cheat in the workplace if they feel undervalued or under-compensated for their work. This can lead to a sense of entitlement and a belief that they are justified in cheating to make up for what they perceive as a lack of recognition or compensation.

Another reason, employees may perceive their behaviour as acceptable or even encouraged by their superiors. If management turns a blind eye to cheating or fails to punish those who engage in it, employees may believe that cheating is an acceptable means of achieving success in the workplace.

Additionally, some employees may cheat simply because they do not see it as wrong or unethical. This may be due to a lack of moral education or a belief that the ends justify the means.

Warning Indicators

Something To Think About

Overall, cheating is a negative behaviour that undermines fairness, trust, and integrity.

It can occur in many different contexts and seriously affect individuals and the organisation.

Questions For You

  1. What policies and procedures are in place to prevent and detect fraudulent behaviour in the workplace?
  2. How do you encourage employees to report suspicious behaviour or fraudulent activity?
  3. Do you monitor employee behaviour and detect potential red flags indicating fraudulent activity?
  4. How do you ensure that employees are aware of the consequences of engaging in fraudulent behaviour, both for themselves and the organisation?

Behind Closed Doors — The Silent Peril Of Employee Burnout, Escalating Dangers Of Insider Threat

Behind Closed Doors — The Silent Peril Of Employee Burnout, Escalating Dangers Of Insider Threat

“If you can’t stand the heat, leave the kitchen.”

Is This Happening To You?

Waking up in the morning can sometimes be challenging as everything seems too overwhelming — the brightness, noise, and pace of the world.

It seems like every noise is really bothering you, every bit of brightness is causing discomfort to your eyes, and every motion makes you feel uncomfortable.

Every night, you struggle to sleep, tossing and turning in search of rest.

Thinking about work makes you feel anxious. The routine you used to know now feels like a confusing maze of tasks.

Every email task seems incredibly hard. The motivation that used to burn brightly is now just a weak, flickering light.

As you head to work, your patience is stretched thin like a worn-out rope. Your colleagues’ voices irritate you, and your boss’s requests appear unreasonable, even absurd.

The most minor inconveniences trigger an explosive irritation within you. You wonder how you’ve become this person, unlike your former self.

Standing there, utterly exhausted and frustrated, you realize you’re on the verge of reaching a breaking point.

Are these your symptoms? If so, you may be experiencing a “burnout” state.

The term “burnout”, according to the World Health Organisation, is defined as a “syndrome resulting from a chronic workplace stress that has not been successfully managed”.

Burnout is caused by chronic workplace stress, which can be low-level and irritating for months, if not years before a person realizes or is confronted by the problem.

If you have ever felt “stressed at work,” and who hasn’t? Chances are it’s because you thought you didn’t have enough time to do what you wanted.

Stress often results from feeling “stuck” in a particular time frame.  You can feel this frustration and irritation because you are focusing exclusively on the demands of the moment — The requests, the challenges and the events. They are all piling up with no break.

Those who are stressed and burned out have little understanding of how “urgency” and “importance” control their decision-making about what to do with their time.

Let’s explore some scenarios…

To-do lists are pervasive tools that employees employ to manage their time. They work their tail off to complete every task on their to-do list.

Unfortunately, most to-do lists are filled with “urgent” tasks. They require your attention at the moment, but rarely are they essential — the things that make a difference in the long term.

Urgency seems to control our lives. The phone rings, and we have to pick it up. It now becomes urgent if the phone call is important. This alone breaks your concentration and effectiveness.

The worst interruptions are meetings. They are typically scheduled like TV shows. The agendas are vague, and no one understands the goal. They tend to drift off subject, wasting everyone’s time. It’s too bad if it only requires five minutes to accomplish the objective. Meetings tend to stretch to an hour…and then the next meeting is ready to go.

According to the Global Workplace Burnout Study, burnout is a growing industry problem.

There are three dimensions to burnout:

  1. Feelings of energy depletion or exhaustion
  2. Increase mental distance and feelings of negativity towards work
  3. Reduced professional effectiveness.

What Causes Burnout?

There are three conditions:

1. Personal

  • Predisposition behaviour refers to certain qualities that might have been connected to someone’s early childhood experiences. These qualities could include feeling anxious, fearful, intense phobias, or dealing with mental disorders. These factors can influence how they behave now. That’s why people react to the same situation differently. No two people are the same.
  • Perfectionism is when you want to do everything perfectly, but it can hurt you significantly. People who struggle with it have difficulty making choices and often delay getting things done.
  • Lifestyle mismatch refers to a situation where a person’s personal habits, preferences, and daily routines clash with the demands of their work environment. A disconnect between how someone naturally lives their life and the expectations of their job can lead to increased stress at work. For example, if a person who values work-life balance finds themselves in a job that demands long hours and constant availability, it can create a sense of imbalance and strain.
  • Time mismanagement occurs when individuals struggle to allocate their time wisely. Tasks and deadlines can pile up, leading to a sense of overwhelm. As stress mounts, concentration and productivity tend to decline, creating a vicious cycle.

2. Team*

  • Lack of manager support – Managers are on the frontline of burnout. They can be central to preventing burnout or driving the problem. An absent or disrespectful manager leaves employees feeling isolated, exploited, and stuck in survival mode.
  • Unreasonable time pressure – When deadlines are unreasonable, and pressure is excessive and/or unending, this creates a pressure cooker environment that fosters burnout.
  • Unmanageable workload – The number of hours people work each week does matter, with burnout risk increasing significantly when employees exceed an average of 50 hours per week. This escalates even more substantially at 60 hours per week.
  • Unclear and inconsistent communication from managers – When expectations and accountability are inconsistent or unclear, employees can become frustrated and exhausted simply by trying to figure out what their manager wants.
  • Unfair treatment – When people are treated fairly and respected, they are more resilient and form stronger, more collaborative and productive relationships. When the treatment is biased unfavourable, or they feel they are mistreated compared to others, trust breaks. This allows burnout to take over.

3. Organisation*

  • Poor senior leadership – Senior leaders have the most influence over how an organisation operates and the environment that it creates. When senior leadership don’t “walk their talk”, they provide an atmosphere of unhealthy work conduct or even toxic culture.
  • Lack of support structure and guidelines – When employees feel that their work environment is supported, their workload is manageable, and expectations are realistic, employees will feel supported. But the converse is true.
  • Under resourcing – Do more with less is a commonly used corporate mantra for efficiency, but it often seeds burnout within the organisation. For example, budget cuts can lead to greater long-term costs through under-resourcing.
  • Outdated modes of working – Outdated ways of working such as endless meetings, excessive administrative work, ‘the client is always right’, hierarchical approval processes and the normalisation of working weekends are the structures that burnout thrives.
  • Value mismatch – People are increasingly craving purpose, both in their lives and in their work. However, when the value of the employee does not match the organisation’s worth, it will cause significant angst.

* The 2021 Global Workplace Burnout Study by Infinite Potential

What are the impacts of an employee who is exhibiting burnout?

As stated earlier, “burnout” is caused by unmanaged chronic workplace stress.

Stress at work that is ongoing and low level causes the feeling of burnout.

People are the main drivers of organisational success, and the health of the organisation is a crucial determinant of productivity and quality of work.

There is a significant gap in the productivity and quality of work between those who are burnt out and those who are not. (Source: According to the State of Workplace Burnout 2023 by Infinite Potential)

However, productivity is not the only outcome of people being burned out.

Employee burnout is a threat to your organisation, and this could be the case for several reasons. If your employees do the bare minimum, they may find achieving “cyber hygiene” difficult.

For example, they may skip necessary security steps like creating smart passwords, updating their computer with critical security updates, clicking on URL links or opening attachments that they shouldn’t be opening.

They will simply be unable to care or pay attention to threats such as phishing and other social engineering attacks.

But it gets worse.

It can compromise an employee’s ability to focus and make sound decisions, which can be particularly problematic in safety-sensitive industries.

It can lead to a sense of detachment and disengagement from work.

Burnout can have significant negative impacts on an employee’s physical and mental health. It can increase stress, anxiety, depression, physical health problems and weakened immune systems.

Those who suffer can strain relationships with colleagues due to increased irritability, reduced communication, and diminished teamwork. This can negatively affect the overall work environment and team cohesion.

Strained relationships and difficulty focusing and working will most likely lead to increased absenteeism. Those who are burned out are more likely to seek new job opportunities.

Those who suffer and feel poorly cared for and supported by management may lash out against their colleagues or organisations, causing significant harm.

Examples Of Possible Scenario: Software Engineer Causes Software Outage

A software engineer at a large tech company felt burned out after working long hours and having unrealistic deadlines. He started making mistakes at work, such as submitting code with bugs and missing important meetings. He also became withdrawn and irritable, which made it difficult for him to collaborate with his team.

One day, the engineer made a critical mistake that caused a major outage in the company’s software. 

The outage cost the company millions of dollars in lost revenue and customer goodwill. The engineer was eventually fired, and the company implemented new policies to prevent employee burnout in the future.

Other Possible Examples:

  • The nurse’s error, which led to the patient’s death, was a direct consequence of burnout resulting from the long working hours in the hospital.
  • A police officer at a large city police department became so burned out that he started abusing alcohol and drugs. He was eventually fired from the department.
  • A teacher at a public school became so burned out that she started yelling at her students and making threats. She was eventually placed on leave and later resigned from her job.
  • A customer service representative at a large telecommunications company became so burned out that she started snapping at customers. This resulted in several customer complaints, and the representative was eventually demoted.
  • A flight attendant at a major airline became so burned out that she started making mistakes during flights. This resulted in many delays and cancellations, and the flight attendant was eventually fired.
  • A social worker at a non-profit organisation became so burned out that she started having difficulty sleeping and concentrating. This made it difficult for her to do her job, and she eventually took a leave of absence.

Are You A Workaholic?

Are you staying at work late into the night? Or perhaps you are bringing your work back home? Do you find it challenging to disengage from work?

The term “workaholism” was defined by psychologist Wayne Oates back in 1971 as a compulsion or an uncontrollable need to work incessantly.

Work “addiction” is a complex condition in which an individual develops a mental, emotional, and social dependence on work.

People with work addiction often work compulsively at the expense of other aspects of their lives. They may work long hours even when it is not needed, sacrifice sleep to get work done, and be paranoid about their work performance.

Can A Workaholic Drive Burnout More Readily?

Burnout and workaholism are both conditions that can have a negative impact on an individual’s physical and mental health.

The main difference between burnout and workaholism is that burnout is caused by excessive stress, while workaholism is driven by a compulsive need to work.

Burnout can happen to anyone, regardless of their work ethic. On the other hand, workaholism is often a sign of underlying psychological issues, such as anxiety or depression.

A workaholic is more likely to experience burnout than someone who does not work excessively.

Workaholics are at risk for burnout because they tend to:

  • Work long hours, often without taking breaks or vacations.
  • Put work before their personal lives.
  • Have difficulty saying no to new work assignments.
  • They are perfectionists and set unrealistic expectations for themselves.
  • They feel like they need to be constantly productive.

These behaviours can lead to chronic stress, eventually leading to burnout.

Final Words

According to “State Of the Global Workplace: 2023 Report” by Gallup it reveals frightening figures that 28% of workers say that they feel burned out at work either “very often” or “always and that only 24% of employees believe their organisation cares about their wellbeing.

Why Is This Important?

As we can see, a considerable group of employees are minimally productive, disengaged, and disconnected from their organisation.

And we have learned that stress is one of the critical anchors that drive employees to be burned out.

According to the same Gallup report, 44% of employees experienced a lot of stress.

The Gallup analysis continued that engagement has 3.8 times as much influence on employees’ stress. In other words, what people experience in their everyday work – their feelings of involvement and enthusiasm.

Low-engagement workers represent an uncertain situation for organisations, driving low morale, high turnover, and increasing costs to the business, potentially causing reputation damage due to poor performance and thereby losing their competitive advantage.

There Is, However, An Upside To This Situation.

As organisational leaders endeavour to navigate an uncertain economic outlook, addressing their employee wellbeing concerns and improving engagement should be top priorities.

Leadership and management directly influence workplace engagement, and there is much that organisations can do to help their employees thrive at work.



2021 Global Workplace Burnout Study – 

The State of Workplace Burnout 2023 –