Insider threats are a wicked problem because of the definition of an insider and the varied threats such insiders pose. Insiders are people with increased access, knowledge, and trust due to their relationship with an organization. They can be current or former employees, contractors, volunteers, or another affiliate of the organization. There are three types of insider threats: violent, non-violent, and unintentional. Violent threats consist of workplace violence and insider terrorism (a specific type of workplace violence). Non-violent threats include, but are not limited to, sabotage, espionage, intellectual property (IP) theft, and fraud. Unintentional threats are insiders who, without malicious intent, fail to follow security practices due to carelessness or ignorance.
Violent and non-violent insider threats often begin with a precipitating workplace event that the employee perceives as unjust. Employee perceptions are influenced by personal, situational, and organizational factors. This thesis answers three questions:
• How do employees respond to perceived workplace injustices?
• What is the relationship between employee responses to perceived workplace injustices and insider attacks?
• How can organizations prevent disgruntled employees from committing attacks?
How do employees respond to perceived workplace injustices? Based on a thorough literature review, the author created/derived a grievance response model. The model indicates that employees respond in one (or a combination) of four ways. The employee may choose to voluntarily leave the situation (exit), do nothing and remain loyal, voice their complaints using organizational process, or engage in counterproductive work behaviors.
What is the relationship between employee responses to perceived workplace injustices and insider attacks? To answer this question, the researcher analyzed violent and non-violent case studies. The violent cases include original research on 87 type III workplace violence (employee on employee) attacks and three insider terrorism attacks. This original research is compared to a study by Seungmug Lee and Robert McCrie, which had similar results. The non-violent case analysis is derived from four research papers with case studies on insider attacks. The case studies involved sabotage, IP theft, and fraud in the United States. For both the violent and non-violent case studies, the researcher attempted to collect the following data points: employment status at the time of the attack; time span between employment and the attack; if the insider survived the attack; the reason for the grievance; the target of the attack; and if there was a history of psychiatric issues, intellectual disabilities, and criminal convictions. Due to a lack of data and multiple, contradictory, and missing narratives, the researcher could not identify specific i responses.
How can organizations prevent disgruntled employees from committing attacks? Organizations can use the descriptive, not predictive, grievance response model. The model may be used as a guide for organizations to identify what options their employees may be more likely to use. The feasibility of the exit, loyalty, voice, and counterproductive work behaviors (ELVC) options will differ by organization and employee. Organizations should be aware of this and encourage employees to use grievance response options and conflict management styles that result in positive outcomes for both the insider and the organization, such as voice as opposed to counterproductive work behaviors (CWB). Organizations should consider the following questions:
• Is exit a viable option for employees experiencing a perceived injustice?
• Can employees easily exit and maintain a similar status, pay, retirement, and benefits package?
• Is loyalty rewarded?
• Are systems in place for employees to voice grievances?
• How many are there?
• How well known are they to supervisors and employees? How accessible are they?
• Is there an option to involve a neutral third party?
• Are there perceived repercussions for voicing grievances?
• Are CWBs tolerated?
Organizations should ensure grievance procedures are consistent and transparent to all employees. An alternative to grievance systems is the Alternative Dispute Resolution (ADR) program. ADR provides neutral third parties for dispute management, collaborative and respectful techniques to address conflicts, and a safe and confidential environment.
There are three main recommendations derived from this research. Organizations should be aware of the exit, loyalty, voice, and CWB theory as well as positive and negative influences on specific responses to perceived workplace injustices. Organizations should apply ELVC theory to identify how employees are more likely to respond. Organizations should take actions to guide employees toward positive responses and hold them accountable for negative responses; however, organizations should not hold onto poorly performing employees, and employees should not stay in environments they perceive to be unjust if loyalty and voice do not work. Supervisors should talk to employees about how conflict affects them, their perceived options, and the repercussions or potential outcome of each option.
Organizations should immediately revoke physical and cyber access for all employees when they separate voluntarily or involuntarily. Organizations should not ignore employees who perceive they are victims of workplace injustice. These employees should be a starting point for insider threat monitoring. Supervisors and co-workers should recognize and report CWBs. Employees engaging in CWBs should be held accountable. Organizations can prevent disgruntled employees from committing attacks by understanding: why employees become disgruntled (organizational justice and variations of equity theory), how they respond (ELVC theory and conflict management styles), the types of threats they pose, and influential individual and organizational factors.
Organizations should educate and train employees and supervisors and change or create policies, procedures, and cultures that incorporate these recommendations. ADR systems should be credible, allow for employee input, be well-publicized, and involve neutral third parties. People have varying conflict management styles; therefore, having various grievance methods available increases the probability employees will use and perceive the voice response as fair. Organizations must recognize their influence on employee responses to perceived workplace injustices and ability to prevent insider attacks. These recommendations may prevent not only future attacks but also improve employee relationships within their organizations.