Preventing insider threats to enhance organizational security: The role of opportunity-reducing techniques

Abstract

Insider threats are one of the major potential risks jeopardizing organizational security. Many organizations have applied opportunity-reducing techniques to enhance security. These techniques have been classified into hard and soft forms based on their potential propensity to infringe on employees’ personal space. Hard form techniques have been widely adopted owing to their efficiency in saving cost and time. However, this study argues that hard form techniques would restrict personal autonomy, leading employees to disrespect the organizational security policies. To test the research hypotheses, a scenario-based questionnaire survey was conducted on 5,158 Prolific Academic members with working experience in the service industry and research and development, and the information industry. Two hundred and fifty-nine valid responses were analyzed using partial least square based structural equation modeling (PLS-SEM). The results show that the hard form techniques induce employees to feel intrusion of their privacy, making them morally irresponsible for their behavior, and even committing an insider attack. Hard form techniques can produce an adverse effect that is opposite to the intended purpose. The results imply that the practical method of making hard controls less intrusive, including the implementation of soft controls and horizontal decision-making processes for security policies, should be explored.