PurposeThe paper focuses on intentional information security breaches by insiders. The purpose is to assess the relationship between insiders' backgrounds and motivations and their deviant behaviors. Two outcome variables, information technology (IT) espionage and IT sabotage, are correlated with four predictors, financial changes, relationship strains, substance abuse, and job changes.Design/methodology/approachSome 62 cases of intentional information security breaches by insiders are examined using canonical analysis.FindingsThe results indicate that a significant relationship exists between financial hardship, relationship strains, and the theft and sale of proprietary data by insiders; and recent firings, substance abuse, and relationship strains are related to information system sabotage.Research limitations/implicationsBecause little or no research has been conducted on this topic, there is a lack of validated measures for variables associated with information security. Thus, the measures used in this paper are necessarily simplistic. Because few organizations report information security weaknesses, the sample is relatively small.Practical implicationsIn the majority of cases included in this paper, it is found that the insider convey a number of warning signs before committing the security breach. After reading this paper, diligent managers should be able to identify potential security breaches.Originality/valueThis is one of the first studies to explore insider security breaches using canonical analysis.