Affiliation:
1. Department of Computing, Worcester Business School, University of Worcester, Worcester WR1 3AS, UK
2. School of Computing and Information Sciences, Anglia Ruskin University, Cambridge CB1 1PT, UK
Abstract
Insider threats pose significant challenges to organizations, seriously endangering information security and privacy protection. These threats arise when employees with legitimate access to systems and databases misuse their privileges. Such individuals may alter, delete, or insert data into datasets, sell customer or client email addresses, leak strategic company plans, or transfer industrial and intellectual property information. These actions can severely damage a company’s reputation, result in revenue losses and loss of competitive advantage, and, in extreme cases, lead to bankruptcy. This study presents a novel solution that examines how organizational factors such as job satisfaction and security, organizational support, attachment, commitment, involvement in information security, and organizational norms influence employees’ attitudes and intentions, thereby mitigating insider threats. A key strength of this research is its integration of two foundational theories: the Social Bond Theory (SBT) and the Theory of Planned Behavior (TPB). The results reveal that job satisfaction and security, affective and normative commitment, information security training, and personal norms all contribute to reducing insider threats. Furthermore, the findings indicate that employees’ attitudes, perceived behavioral control, and subjective norms significantly influence their intentions to mitigate insider threats. However, organizational support and continuance commitment were not found to have a significant impact.