Insider threatFour types of employees who are potential insider threats

Academics have identified four types of employees who can become a threat to their companies – and explained the reasons why their workplace behavior declines.

Researchers from the Universities of Glasgow and Coventry found organizational change within a company can act as an important trigger prompting even loyal and longstanding employees’ behavior to worsen.

The results of this range from time-wasting in the office to giving away confidential business information to competitors.

They identified types of employees - omiters, slippers, retaliators and serial transgressors – who carry out this ‘counterproductive work behavior’ and the factors which cause it, in their new report.

Their findings have been used to create a series of resources to help employers manage organizational change and to try to prevent this behavior by staff.

Coventry says that the project – funded by the Center for Research and Evidence on Security Threats (CREST) – collected data from a company undergoing organizational change.

The research, by Professor Rosalind Searle and Dr. Charis Rice, involved interviewing managers and employees, reviewing HR and security paperwork relating to insider threat cases and carrying out anonymous surveys within the organization.

Their work revealed negative impacts of organizational changes – such as unpredictable working environment, inadequate communication, inconsistent leadership and unfair changes or processes - can cause distrust to form among employees and their managers.

This reduces people’s psychological attachment to their companies and makes them more likely to carry out behavior that makes them an insider threat. 

The four types of employees who could potentially become an insider threat to their company are:

— Omiters – These are people who carry out this behavior through an incapacity to effectively self-regulate their actions. They unintentionally breach rules and need help from colleagues to reduce the insider threat risk they present.

— Slippers – These are employees who occasionally undertake single acts of counterproductive work behavior, such as taking home ‘on-site only documents’ or being rude to others.

— Retaliators – These are employees who deliberately undertake small acts designed to harm the organization. Over time, if unchallenged and uncorrected, these can cause problems for colleagues and create additional costs and risks for their employers.

— Serial transgressors - These individuals undertake a wide array of counterproductive work behavior which undermines the authority of management and increases the security risks of those they work with.

But Searle and Rice say managers can help reduce this behavior by introducing the five core skills. These are: being fair and consistent with HR procedures and people during times of change; creating a system of organizational citizenship in which reporting counterproductive working behavior is considered a protective measure rather than a punishment; communicating change initiatives transparently, consistently, regularly and collaboratively; adapting change initiatives in response to assessments of individual, team and organizations vulnerability; and managers leading by example.

Rice, from Coventry University’s Centre for Trust Peace and Social Relations, said: “There are many examples of high-profile companies which have made the headlines following employee sabotage. It is vitally important to understand how these situations come about: the types of employee who might resort to these behaviors; why it happens and how managers’ actions can prevent this happening.

“Our aim was to provide a framework to predict, identify and mitigate counterproductive work behavior and insider threat within the context of organizational change.

“We found examples of team and managerial distrust that led to employees withdrawing their effort from organizations and in some cases even bred revenge behavior.”

Searle, from the Adam Smith Business School at University of Glasgow, said: “Critically, our results showed that such outcomes were often an unforeseen consequence of an existing ‘need to know’ security culture and in part, the perceived heavy-handedness of HR and security teams with whom staff felt reluctant to share concerns.”

See the report and other resources at the CREST website.