The human side of insider threats: People, pressure, and payback

While cybercriminals are often in the spotlight, one of the most dangerous threats to your company might be hiding in plain sight, within your own team.

Employees, contractors, or business partners who have access to sensitive information can use that access to cause harm, whether it’s stealing data, sabotaging systems, or leaking confidential details.

But what makes someone inside a company decide to turn against it? There’s often a psychological aspect to it, whether it’s personal frustration, financial stress, or a sense of being wronged.

Motivations behind insider threats

Personal grievances: When an employee feels overlooked, like they’re being mistreated, it can turn into resentment toward the company. Maybe they missed out on promotions or pay raises, or maybe they’ve experienced some form of discrimination. That sense of injustice can lead people to justify harmful actions as a form of payback.

Financial problems: Financial problems can push people toward bad choices and make them more susceptible to outside influences. Those struggling with debt or loans may be tempted to accept offers from hackers or competitors willing to exploit their situation.

Social or ideological beliefs: When employees strongly disagree with how the company handles things like environmental issues, labor practices, or workplace culture, they might feel compelled to take matters into their own hands. If they believe they’re exposing wrongdoing or standing up for a cause, they might leak sensitive information to the media or activist groups, convinced they’re doing the right thing, even if it hurts the company.

Boredom or lack of engagement: Sometimes, people just stop caring about their work. Maybe it’s because their tasks feel repetitive, or they don’t see how their efforts matter. When that happens, they might start ignoring company rules or skipping steps without really thinking it through. Over time, this can turn into apathy. They’re just not invested in the company anymore. From a security perspective, that’s risky because bored employees are more likely to bypass security protocols. They might see it as no big deal or even a low-key way to push back against a job they’ve checked out of.

Mental health issues: Mental health issues don’t automatically make someone a threat, but they can cloud judgment and make people act on impulse. Employees dealing with things like anxiety or depression might end up making risky choices—not necessarily because they’re trying to cause harm, but because they’re not thinking clearly. If a company doesn’t support mental health, it might accidentally create a space where these issues build up without anyone noticing.

Behavioral patterns and entitlement: Some employees believe that the rules just don’t apply to them. They might feel entitled to misuse company resources or leak sensitive information because they think they deserve it. In extreme cases, people with narcissistic tendencies might justify their actions as serving their own interests, without considering the consequences for the company.

Career dissatisfaction: If an employee feels like there’s no future in the company, they might want to get back at their employer—or at least make sure they benefit from their time there before they leave. Employees who feel stuck or see no growth potential may steal data or resources, using them for their next job.

The fraud triangle

Criminologist Donald Cressey came up with a theory to explain why people get involved in fraud or harmful behavior at work. It’s called the Fraud Triangle, and it breaks down into three parts: Pressure, opportunity, and rationalization.

• Pressure: Personal stress or financial woes can push employees toward risky decisions.
• Opportunity: Weak security systems create the chance to act on harmful intentions.
• Rationalization: Employees justify their actions, often believing they are owed something or acting for a greater good.

By understanding these three factors—pressure, opportunity, and rationalization—organizations can be better prepared to spot and prevent insider threats before they happen.

Insider threats in focus

To really understand how serious insider threats can be, it helps to look at a few high-profile cases that have brought these risks into focus.

In 2019, a former AWS employee exploited a vulnerability in Capital One’s cloud infrastructure, compromising data of over 106 million customers. The attacker used insider knowledge of AWS to gain unauthorized access.

In May 2023, Tesla revealed that two former employees were responsible for a data breach, where they accessed and leaked personal information of over 75,000 individuals.

Remote work is another hot potato when we discuss insider threats, as it is difficult to determine whether the person employed is truly who they claim to be. Recently, a network of North Korean IT front companies, mainly operating from China, was uncovered. These companies help North Korean workers obtain remote jobs globally, often laundering payments through cryptocurrencies or shadow banking. These front companies mimic legitimate IT firms, making it difficult for businesses to detect fraud.

The FBI also warned that North Korean IT workers, often posing as freelancers, are extorting employers by leveraging access to company networks to steal proprietary data, facilitate cybercrime, and generate revenue for the North Korean regime.

If we set aside insider threats driven by espionage or political motives, many of these risks still stem from personal issues, frustrations, or unmet needs that can be recognized and addressed within the company.

How to prevent insider threats

Creating an environment where employees feel valued, supported, and engaged can reduce the risk of insider threats. Companies with positive cultures where employees feel they are treated fairly are less likely to experience the frustration or disengagement that can lead to harmful behavior.

To reduce insider threats, organizations should combine psychological insights with cybersecurity measures. Here are some strategies:

• Foster a positive culture: Engage employees regularly and address grievances promptly.
• Limit access: Implement role-based permissions and monitor data usage.
• Mental health support: Offer counseling and work-life balance programs.
• Ethical training: Educate staff on decision-making and security risks.
• Secure reporting channels: Encourage reporting without fear of retaliation.
• Routine security audits: Identify vulnerabilities and enforce cybersecurity practices.
• Clear exit protocols: Revoke system access immediately and monitor post-departure behavior.

It is important to be aware that the human psyche is delicate; the person who is the best and most reliable employee today may turn against the company they work for tomorrow, and no psychological analysis can prevent that. The race against time, the increasing pursuit of profit, work pressures, and the lack of healthy communication among people will continue to be triggers for someone to become an insider threat.

So, in the end, it’s all about recognizing those red flags early and building a work culture where everyone feels heard and respected. If we do that, we’ll reduce the chances of insider threats.