“The pull to do nothing would be strong”: limitations & opportunities in reporting insider threats

Abstract

ABSTRACT Though a reporting mechanism, in which employees report suspicious and/or potentially malicious coworker behavior, is thought to be important to tackling insider risk, the literature on the subject is sparse and unconvincing. Empirical evidence of the actual use and utility of this type of detection mechanism is slim. Our article explores the propensity of employees to report a coworker’s concerning behavior suspected to be related to insider activity that would negatively impact an organization. This study uses an inductive approach and qualitative analysis of original interview data collected from 16 financial services organizations to explore attitudes and opinions about reporting a coworker’s concerning behavior, providing lessons on countering insider threats useful across industries and national security domains. The results show that there is confusion, uncertainty, and cognitive dissonance surrounding institutional reporting mechanisms, with some participants expressing both affirmative and negative opinions about their personal likelihood of reporting. Employees do want to report concerning coworker behavior that suggests an insider threat, but not at their own expense. These results are consistent with those from other studies and sectors. Our study will assist organizations in refining their assumptions around workforce attitudes regarding the reporting of coworkers.