SoK: The Psychology of Insider Threats

Authors

DOI:

https://doi.org/10.4108/eetss.v9i1.9298

Keywords:

cybercrime, organizational security, security incident, personality traits, systematic literature review

Abstract

This paper presents a systematic literature review on the psychology of insider threats—security risks originating from individuals within organizations. While this is a well-established research area, psychological perspectives remain underdeveloped. The extended version adds background to better contextualize the role of personality traits, psychological states, and situational factors in insider threats. The paper also highlights research gaps and the need for stronger theoretical foundations in this domain.

References

[1] Ruohonen, J. and Saddiqa, M. (2025) What Do We Know About the Psychology of Insider Threats. In Forthcoming (in press) in the Proceedings of the 15th EAI International Conference on Digital Forensics & Cyber Crime (EAI ICDF2C 2024), Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (Volume 613) (Dubrovnik: Springer).

[2] Mathews, R. (2017) Interrogating “Privacy” in a World Brimming with High Political Entanglements, Surveillance, Interdependence & Interconnections. Health and Technology 7: 265–324.

[3] Ruohonen, J., Hjerppe, K. and von Zastrow, M. (2024) An Exploratory Case Study on Data Breach Journalism. In Proceedings of the 19th International Conference on Availability, Reliability and Security (ARES 2024) (Vienna: ACM): 1–9.

[4] Elmrabit, N., Yang, S., Yang, L. and Zhou, H. (2020) Insider Threat Risk Prediction Based on Bayesian Network. Computers & Security 96: 101908.

[5] CISA (2023) Zero Trust Maturity Model. Cybersecurity & Infrastructure Security Agency (CISA) of the United States. Available online in July 2024: https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf.

[6] Santos, E., Nguyen, H., Yu, F., Kim, K.J., Li, D., Wilkinson, J.T., Olson, A. et al. (2012) Intelligence Analyses and the Insider Threat. IEEE Transactions on Systems, Man, and Cybernetic – Part A: Systems and Humans 42(2): 331–347.

[7] Sarkar, K.R. (2010) Assessing Insider Threats to Information Security Using Technical, Behavioural and Organisational Measures. Information Security Technical Report 15: 112–133.

[8] Sokolowski, J.A., Banks, C.M. and Dover, T.J. (2016) An Agent-Based Approach to Modeling Insider Threat. Computational and Mathemtical Organization Theory 22: 273–287.

[9] Zaytsev, A., Malyuk, A. and Miloslavskaya, N. (2017) Critical Analysis in the Research Area of Insider Threats. In Proceedings of the IEEE 5th International Conference on Future Internet of Things and Cloud (FiCloud) (Prague: IEEE): 288–296.

[10] Gheyas, I.A. and Abdallah, A.E. (21016) Detection and Prediction of Insider Threats to Cyber Security: A Systematic Literature Review and Meta-Analysis. Big Data Analytics 1(6): 1–29.

[11] Marbut, A.R. and Harms, P.D. (2024) Fiends and Fools: A Narrative Review and Neo-Socioanalytic Perspective on Personality and Insider Threats. Journal of Business and Psychology 39: 679–696.

[12] Akello, B.O. (2024) Organizational information security threats: Status and challenges. World Journal of Advanced Engineering Technology and Sciences 11(1): 148–162.

[13] Alzaabi, F.R. and Mehmood, A. (2024) A review of recent advances, challenges, and opportunities in malicious insider threat detection using machine learning methods. IEEE Access 12: 30907–30927.

[14] Al-Shehari, T.A., Rosaci, D., Al-Razgan, M., Alfakih, T., Kadrie, M., Afzal, H. and Nawaz, R. (2024) Enhancing insider threat detection in imbalanced cybersecurity settings using the density-based local outlier factor algorithm. IEEE Access 12: 34820–34834.

[15] Lavanya, P. and Shankar Sriram, V. (2022) Detection of insider threats using deep learning: A review. Computational Intelligence in Data Mining: Proceedings of ICCIDM 2021 : 41–57.

[16] Prabhu, S. and Thompson, N. (2022) A Primer on Insider Threats in Cybersecurity. Information Security Journal: A Global Perspective 31(5): 602–611.

[17] Alcover, C.M., Rico, R., Turnley, W.H. and Bolino, M.C. (2017) Understanding the changing nature of psychological contracts in 21st century organizations: A multiple-foci exchange relationships approach and proposed framework. Organizational Psychology Review 7(1): 4–35.

[18] Gioe, D.V. and Hatfield, J.M. (2021) A damage assessment framework for insider threats to national security information: Edward snowden and the cambridge five in comparative historical perspective. Cambridge Review of International Affairs 34(5): 704–738.

[19] Anderson, P.D. (2022) On moderate and radical government whistleblowing: Edward snowden and julian assange as theorists of whistleblowing ethics. Journal of media ethics 37(1): 38–52.

[20] Schoenherr, J.R., Lilja-Lolax, K. and Gioe, D. (2022) Multiple approach paths to insider threat (map-it): Intentional, ambivalent and unintentional insider threats. Counter-Insider Threat Research and Practice 1(1).

[21] Jones, L.A. et al. (2024) Unveiling human factors: Aligning facets of cybersecurity leadership, insider threats, and arsonist attributes to reduce cyber risk. SocioEconomic Challenges 8(2): 44–63.

[22] Goel, S., Williams, K. and Zavoyskiy, S. (2016) Stopping insiders before they attack: Understanding motivations and drivers .

[23] Shah, S.I., Shahjehan, A. and Afsar, B. (2022) Leading machiavellians on the road to better organizational behavior. Personnel Review 51(5): 1604–1626.

[24] Freeman, D., Garety, P.A., Kuipers, E., Fowler, D. and Bebbington, P.E. (2002) A cognitive model of persecutory delusions. British Journal of Clinical Psychology 41(4): 331–347.

[25] Saxena, N., Hayes, E., Bertino, E., Ojo, P., Choo, K.K.R. and Burnap, P. (2020) Impact and key challenges of insider threats on organizations and critical businesses. Electronics 9(9): 1460.

[26] Dugo, T. (2007) The insider Threat to Organizational Information Security: A Structural Model and Empirical Test. Ph.D. thesis.

[27] Jurrens, R.D. (2013) Fool me once: Us v. aleynikov and the theft of trade secrets clarification act of 2012. Berkeley Tech. LJ 28: 833.

[28] Rice, C. and Searle, R.H. (2022) The enabling role of internal organizational communication in insider threat activity–evidence from a high security organization. Management Communication Quarterly 36(3): 467–495.

[29] Nightingale, A. (2009) A Guide to Systematic Literature Reviews. Surgery 27(9): 381–384.

[30] Kitchenham, B. and Brereton, P. (2013) A Systematic Review of Systematic Review Process Research in Software Engineering. Information and Software Technology 55: 2049–2075.

[31] Hiebl, M.R.W. (2023) Sample Selection in Systematic Literature Reviews of Management Research. Organizational Research Methods 26(2): 229–261.

[32] Petersen, K., Feldt, R., Mujtaba, S. and Mattson, M. (2008) Systematic Mapping Studies in Software Engi- neering. In Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineer- ing (EASE) (Italy: BCS Learning & Development Ltd.): 68–77.

[33] Greitzer, F.L., Strozer, J.R., Cohen, S., Moore, A.P., Mundie, D. and Cowley, J. (2014) Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits. In Proceedings of the IEEE Security and Privacy Workshops (IEEE): 236–250.

[34] Lahcen, R.A.M., Caulkins, B., Mohapatra, R. and Kumar, M. (2020) Review and Insight on the Behavioral Aspects of Cybersecurity. Cybersecurity 3: 1–18.

[35] Carroll, T.E., Greitzer, F.L. and Roberts, A.D. (2014) Security Informatics Research Challenges for Mitigating Cyber Friendly Fire. Security Informatics 13: 1–14.

[36] Harms, P., Marbut, A., Johnston, A.C., Lester, P. and Fezzey, T. (2022) Exposing the Darkness Within: A Review of Dark Personality Traits, Models, and Measures and Their Relationship to Insider Threats. Journal of Information Security and Applications 71: 103378.

[37] Renaud, K., Warkentin, M., Pogrebna, G. and van der Schyff, K. (2024) VISTA: An Inclusive Insider Threat Taxonomy, With Mitigation Strategies. Information & Management 61: 103877.

[38] Uebelacker, S. and Quiel, S. (2014) The Social Engineering Personality Framework. In Proceedings of the Workshop on Socio-Technical Aspects in Security and Trust (Vienna: IEEE): 24–30.

[39] Ruohonen, J., Hjerppe, K. and Kortesuo, K. (2024) Crisis Communication in the Face of Data Breaches. Archived manuscript. Available online in June: https://arxiv.org/abs/2406.01744.

[40] Chan, D.K. (2008) Introduction: Moral Psychology Today. In Chan, D.K. [ed.] Moral Psychology Today: Essays on Values, Rational Choice, and the Will (Cham: Springer).

[41] Azaria, A., Richardson, A., Kraus, S. and Subrahmanian, V.S. (2014) Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data. IEEE Transactions on Computational Social Systems 1(2): 135–155.

[42] Køien, G.M. (2019) Why Cryptosystems Fail Revisited. Wireless Personal Communication 106: 85–117.

[43] Safa, N.S., Maple, C., Furnell, S., Azad, M.A., Perera, C., Dabbagh, M. and Sookhak, M. (2019) Deterrence and Prevention-Based Model to Mitigate Information Security Insider Threats in Organisations. Future Generation Computer Systems 97: 587–597.

[44] Safa, N.S., Maple, C., Watson, T. and Von Solms, R. (2018) Motivation and Opportunity Based Model to Reduce Information Security Insider Threats in Organisations. Journal of Information Security and Applications 40: 247–257.

[45] Lee, D., Lallie, H.S. and Michaelides, N. (2023) The Impact of an Employee’s Psychological Contract Breach on Compliance with Information Security Policies: Intrinsic and Extrinsic Motivation. Cognition, Technology & Work 25: 273–289.

[46] Sokolowski, J.A. and Banks, C.M. (2015) An Agent Based Approach to Modeling Insider Threat. In Proceedings of the Symposium on Agent-Directed Simulation (San Diego: ACM): 36–41.

[47] Willison, R. and Backhouse, J. (2006) Opportunities for Computer Crime: Considering Systems Risk from a Criminological Perspective. European Journal of Information Systems 15: 403–414.

[48] Farahmand, F. and Spafford, E.H. (2013) Understanding Insiders: An Analysis of Risk-Taking Behavior. Information Systems Frontiers 15: 5–15.

[49] Harrison, A., Summers, J. and Mennecke, B. (2018) The Effects of the Dark Triad on Unethical Behavior. Journal of Business Ethics 153: 53–77.

[50] Mekonnen, S., Padayachee, K. and Meshesha, M. (2015) A Privacy Preserving Context-Aware Insider Threat Prediction and Prevention Model Predicated on the Components of the Fraud Diamond. In Proceedings of the Annual Global Online Conference on Information and Computer Technology (GOCICT) (Louisville: IEEE): 60–65.

[51] Othman, R. and Ameer, R. (2022) In Employees We Trust: Employee Fraud in Small Businesses. Journal of Management Control 33: 189–213.

[52] Kisenasamy, K., Perumal, S., Raman, V. and Singh, B.S.M. (2022) Influencing Factors Identification in Smart Society for Insider Threat in Law Enforcement Agency Using a Mixed Method Approach. International Journal of System Assurance Engineering and Management 13(Suppl 1): 236–251.

[53] Dong, B., Chernov, S. and Akpina, K.O. (2024) Legal Aspects of Corporate Systems for Preventing Cybercrime Among Personnel. Crime, Law and Social Change 81: 75–96.

[54] Martinez-Moyano, I.J., Rich, E.H., Conrad, S.H. and Andersen, D.F. (2006) Modeling the Emergence of Insider Threat Vulnerabilities. In Proceedings of the Winter Simulation Conference (Monterey: IEEE): 562– 568.

[55] Sticha, P.J. and Axelrad, E.T. (2016) Using Dynamic Models to Support Inferences of Insider Threat Risk. Computational and Mathemtical Organization Theory 22: 350–381.

[56] Fishbein, M. and Ajzen, I. (1977) Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research. Philosophy and Rhetoric 10(2): 130–132.

[57] Dupuis, M. and Khadeer, S. (2016) Curiosity Killed the Organization: A Psychological Comparison Between Malicious and Non-Malicious Insiders and the Insider Threat. In Proceedings of the 5th Annual Conference on Research in Information Technology (Boston: ACM): 35– 40.

[58] Binns, C.A. and Kempf, R.J. (2021) Background Checks: The Theories Behind the Process. Security Journal 34: 776–801.

[59] Gill, M. and Crane, S. (2017) The Role and Importance of Trust: A Study of the Conditions that Generate and Undermine Sensitive Information Sharing. Security Journal 30: 734–748.

[60] Munshi, A., Dell, P. and Armstrong, H. (2021) Insider Threat Behavior Factors: A Comparison of Theory With Reported Incidents. In Proceedings of the 45th Hawaii International Conference on System Sciences (Maui: IEEE): 2402–2411.

[61] Moore, A.P., Cassidy, T.M., Theis, M.C., Bauer, D., Rousseau, D.M. and Moore, S.B. (2018) Balancing Organizational Incentives to Counter Insider Threat. In Proceedings of the IEEE Security and Privacy Workshops (SPW) (IEEE): 237–246.

[62] Prins, S.J. and Reich, A. (2018) Can We Avoid Reductionism in Risk Reduction? Theoretical Criminology 22(2): 258–278.

[63] Ahmad, M.B., Saeed-ur-Rehman, Akram, A. and Asif, M. (2014) Towards a Realistic Risk Assessment Methodology for Insider Threats of Information Misuse. In Proceedings of the 12th International Conference on Frontiers of Information Technology (Islamabad: IEEE): 176–181.

[64] Faresi, A.A. and Wijesekera, D. (2011) Preemptive Mechanism to Prevent Health Data Privacy Leakage. In Proceedings of the International Conference on Management of Emergent Digital EcoSystems (San Francisco: ACM): 17–24.

[65] Nurse, J.R.C., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R.T. and Whitty, M. (2014) Understanding Insider Threat: A Framework for Characterising Attacks. In Proceedings of the IEEE Security and Privacy Workshops (San Jose: IEEE): 214– 228.

[66] Sanders, G.L., Upadhyaya, S. and Wang, X. (2019) Inside the Insider. IEEE Engineering Management Review 47(2): 84–91.

[67] D’Arcy, J. and Hovav, A. (2009) Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures. Journal of Business Ethics 89: 59–71.

[68] Al tabash, K. and Happa, J. (2018) Insider-Threat Detection Using Gaussian Mixture Models and Sensitivity Profiles. Computers & Security 77: 838–859.

[69] Dalal, R.S., Howard, D.J. and Brummel, B.J. (2022) Organizational Science and Cybersecurity: Abundant Opportunities for Research at the Interface. Journal of Business and Psychology 37: 1–29.

[70] Ho, S.M. and Benbasat, I. (2014) Dyadic Attribution Model: A Mechanism to Assess Trustworthiness in Virtual Organizations. Journal of the Association for Information Science and Technology 65(8): 1555–1576.

[71] Axelrad, E.T., Sticha, P.J., Brdiczka, O. and Shen, J. (2023) A Bayesian Network Model for Predicting Insider Threats. In Proceedings of the IEEE Security and Privacy Workshops (San Francisco: IEEE): 82–89.

[72] Sepehrzadeh, H. (2023) A Method for Insider Threat Assessment by Modeling the Internal Employee Inter- actions. International Journal of Information Security 22: 1385–1393.

[73] Petkus, D.D. (2010) Ethics of Human Intelligence Operations: Of MICE and Men. International Journal of Intelligence Ethics 1(1): 97–121.

[74] Whitelaw, F., Riley, J. and Elmrabit, N. (2024) A Review of the Insider Threat, a Practitioner Perspective Within the U.K. Financial Services. IEEE Access 12: 34752–34768.

[75] Greitzer, F.L. and Purl, J. (2022) The Dynamic Nature of Insider Threat Indicators. SN Computer Science 3: 1– 15.

[76] Alhajjar, E. and Bradley, T. (2022) Survival Analysis for Insider Threat. Computational and Mathematical Organization Theory 28: 335–351.

[77] Basu, S., Chua, Y.H.V., Lee, M.W., Lim, W.G., Maszczyk, T., Guo, Z. and Dauwels, J. (2018) Towards a Data-Driven Behavioral Approach to Prediction of Insider-Threat. In Proceedings of the IEEE International Conference on Big Data (Big Data) (Seattle: IEEE): 4994– 5001.

[78] Brdiczka, O., Liu, J., Price, B., Shen, J., Patil, A., Chow, R., Bart, E. et al. (2012) Proactive Insider Threat Detection Through Graph Learning and Psychological Context. In Proceedings of the IEEE Symposium on Security and Privacy Workshops (San Francisco: IEEE): 142–149.

[79] Brown, C.R., Watkins, A. and Greitzer, F.L. (2013) Predicting Insider Threat Risks Through Linguistic Analysis of Electronic Communication. In Proceedings of the 46th Hawaii International Conference on System Sciences (Wailea: IEEE): 1849–1858.

[80] Chi, H., Scarllet, C., Prodanoff, Z.G. and Hubbard, D. (2016) Determining Predisposition to Insider Threat Activities by Using Text Analysis. In Proceedings of the Future Technologies Conference (FTC) (San Francisco: IEEE): 985–990.

[81] Duan, S., Yuan, J. and Wang, B. (2024) Contextual Feature Representation for Image-Based Insider Threat Classification. Computers & Security 140: 103779.

[82] Eftimie, S., Cotenescu, V., Răcuciu, C. and Glăvan, D. (2021) A Case Study in Anticipating Insider Vulnerabilities Using Psychological Profiling. In Proceedings of the IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom) (Bucharest: IEEE): 1–4.

[83] Ren, X. and Wang, L. (2020) A Hybrid Intelligent System for Insider Threat Detection Using Iterative Attention. In Proceedings of 2020 6th International Conference on Computing and Data Engineering (ACM): 189–194.

[84] Schoenherr, J.R. (2022) Insider Threats and Individual Differences: Intention and Unintentional Motivations. IEEE Transactions on Technology and Society 3(3): 175– 184.

[85] Yang, G., Cai, L., Yu, A., Ma, J., Meng, D. and Wu, Y. (2018) Potential Malicious Insiders Detection Based on a Comprehensive Security Psychological Model. In Proceedings of the IEEE Fourth International Conference on Big Data Computing Service and Applications (BigDataService) (Bamberg): 9–16.

[86] Yousef, R., Jazzar, M., Eleyan, A. and Bejaoui, T. (2023) A Machine Learning Framework & Development for Insider Cyber-Crime Threats Detection. In Proceedings of the International Conference on Smart Applications, Communications and Networking (Smart-Nets) (Istanbul: IEEE): 1–6.

[87] Roy, K.C. and Chen, G. (2024) GraphCH: A Deep Framework for Assessing Cyber-Human Aspects in Insider Threat Detection. IEEE Transactions on Dependable and Secure Computing (Preprint): 1–15.

[88] Goldberg, L.R. (1993) The Structure of Phenotypic Personality Traits. American Psychologist 48(1): 26–34.

[89] Paulhouse, D.L. and Williams, K.M. (2002) The Dark Triad of Personality: Narcissism, Machiavellianism, and Psychopathy. Journal of Research in Personality 36(6): 556–563.

[90] Schoenherr, J.R. and Thomson, R. (2021) The Cybersecurity (CSEC) Questionnaire: Individual Differences in Unintentional Insider Threat Behaviours. In Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) (Dublin: IEEE): 1–8.

[91] Bishop, M., Gates, C., Frincke, D. and Greitzer, F.L. (2009) AZALIA: An A to Z Assessment of the Likelihood of Insider Attack. In Proceedings of the IEEE Conference on Technologies for Homeland Security (Waltham: IEEE): 385–392.

[92] Gamachchi, A. and Boztaş, S. (2015) Web Access Patterns Reveal Insiders Behavior. In Proceedings of the International Workshop on Signal Design and its Applications in Communications (IWSDA) (Bengaluru: IEEE): 70–74.

[93] Li, C., Li, F., Yu, M., Guo, Y., Wen, Y. and Li, Z. (2022) Insider Threat Detection Using Generative Adversarial Graph Attention Networks. In Proceedings of the IEEE Global Communications Conference (GLOBECOM) (Rio de Janeiro: IEEE): 2680–2685.

[94] Block, N.J. and Fodor, J.A. (1972) What Psychological States Are Not. The Philosophical Review 81(2): 159–181.

[95] Szanto, T. and Landweer, H. (2020) Introduction: The Phenomenology of Emotions—Above and Beyond ’What It Is Like to Feel’. In Szanto, T. and Landweer, H. [eds.] The Routledge Handbook of Phenomenology of Emotion (Oxford: Routledge), 1–37.

[96] Khan, N., Houghton, R.J. and Sharples, S. (2022) Understanding Factors That Influence Unintentional Insider Threat: A Framework to Counteract Unintentional Risks. Cognition, Technology & Work 24: 393–421.

[97] Farshadkhah, S., Van Slyke, C. and Fuller, B. (2021) Onlooker Effect and Affective Responses in Information Security Violation Mitigation. Computers & Security 100: 102082.

[98] Kan, X., Fan, Y., Zheng, J., Kudreyko, A., Chi, C., Song, W. and Tregubova, A. (2023) User-Level Malicious Behavior Analysis Model Based on the NMF-GMM Algorithm and Ensemble Strategy. Nonlinear Dynamics 111: 21391–21408.

[99] Jiang, J., Chen, J., Choo, K.R., Liu, K., Liu, C., Yu, M. and Mohapatra, P. (2018) Prediction and Detection of Malicious Insiders’ Motivation Based on Sentiment Profile on Webpages and Emails. In Proceedings of the IEEE Military Communications Conference (MILCOM) (Los Angeles: IEEE): 1–6.

[100] Jiang, J., Chen, J., Gu, T., Choo, K.R., Liu, C., Yu, M., Huang, W. et al. (2019) Warder: Online Insider Threat Detection System Using Multi-Feature Modeling and Graph-Based Correlation. In Proceedings of the IEEE Military Communications Conference (MILCOM) (Nor- folk: IEEE): 1–6.

[101] Legg, P.A., Buckley, O., Goldsmith, M. and Creese, S. (2017) Automated Insider Threat Detection System Using User and Role-Based Profile Assessment. IEEE Systems Journal 11(2): 503–512.

[102] Mittal, A. and Garg, U. (2023) Prediction and Detection of Insider Threat Detection Using Emails: A Comparision. In Proceedings of the Second International Conference on Electrical, Electronics, Information and Communication Technologies (ICEEICT) (Trichirappalli): 1–6.

[103] Soh, C., Yu, S., Narayanan, A., Duraisamy, S. and Chen, L. (2019) Employee Profiling via Aspect-Based Sentiment and Network for Isider Threats Detection. Expert Systems With Applications 135: 351–361.

[104] Osterritter, L. and Carley, K.M. (2021) Conversations Around Organizational Risk and Insider Threat. In Proceedings of the 2021 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ACM): 613–621.

[105] Ho, S.M. and Warkentin, M. (2017) Leader’s Dilemma Game: An Experimental Design for Cyber Insider Threat Research. Information Systems Frontiers 19: 377–396.

[106] Ho, S.M., Hancock, J.T., Booth, C., Burmester, M., Liu, X. and Timmarajus, S.S. (2016) Demystifying Insider Threat: Language-Action Cues in Group Dynamics. In Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS) (Koloa: IEEE): 2729–2738.

[107] Alohaly, M., Balogun, O. and Takabi, D. (2022) Integrating Cyber Deception Into Attribute-Based Access Control (ABAC) for Insider Threat Detection. IEEE Access 10: 108965–108978.

[108] Takabi, H. and Jafarian, J.H. (2017) Insider Threat Mitigation Using Moving Target Defense and Deception. In Proceedings of the 2017 International Workshop on Managing Insider Security Threats (ACM): 93–96.

[109] Yerdon, V.A., Lin, J., Wohleber, R.W., Matthews, G., Reinerman-Jones, L. and Hancock, P.A. (2022) Eye-Tracking Active Indicators of Insider Threats: Detecting Illicit Activity During Normal Workflow. IEEE Transactions on Engineering Management 69(6): 3838–3847.

[110] Anderson, B.B., Vance, A., Kirwan, C.B., Eargle, D. and Jenkins, J.L. (2016) How Users Perceive and Respond to Security Messages: a NeuroIS Research Agenda and Empirical Study. European Journal of Information Systems 25: 364–390.

[111] Hashem, Y., Takabi, H., Dantu, R. and Nielsen, R. (2017) A Multi-Modal Neuro-Physiological Study of Malicious Insider Threats. In Proceedings of the 2017 International Workshop on Managing Insider Security Threats (Dallas: ACM): 33–44.

[112] Ienca, M., Haselager, P. and Emanuel, E.J. (2018) Brain Leaks and Consumer Neurotechnology. Nature Biotechnology 36(9): 805–810.

[113] Choi, S. and Zage, D. (2012) Addressing Insider Threat Using “Where You Are” as Fourth Factor Authentication. In Proceedings IEEE International Carnahan Conference on Security Technology (ICCST) (Newton: IEEE): 147–153.

[114] Kritika, M. (2024) A Comprehensive Study on Navigating Neuroethics in Cyberspace. AI and Ethics (Published online in May): 1–8.

Downloads

Published

19-06-2025

How to Cite

Saddiqa, M., & Ruohonen, J. (2025). SoK: The Psychology of Insider Threats. EAI Endorsed Transactions on Security and Safety, 9(1). https://doi.org/10.4108/eetss.v9i1.9298