The Effect of Organizational Factors on the Mitigation of Information Security Insider Threats

Insider threats pose significant challenges to organisations, seriously endangering information security and privacy protection. These threats arise when employees with legitimate access to systems and databases misuse their privileges. Such individuals may alter, delete, or insert data into datasets, sell customer or client email addresses, leak strategic company plans, or transfer industrial and intellectual property information. These actions can severely damage a company’s reputation, result in revenue losses and loss of competitive advantage, and, in extreme cases, lead to bankruptcy. This study presents a novel solution that examines how organisational factors such as job satisfaction and security, organisational support, attachment, commitment, involvement in information security, and organisational norms influence employees’ attitudes and intentions, thereby mitigating insider threats. A key strength of this research is its integration of two foundational theories: the Social Bond Theory (SBT) and the Theory of Planned Behaviour (TPB). The results reveal that job satisfaction and security, affective and normative commitment, information security training, and personal norms all contribute to reducing insider threats. Furthermore, the findings indicate that employees’ attitudes, perceived behavioural control, and subjective norms significantly influence their intentions to mitigate insider threats. However, organisational support and continuance commitment were not found to have a significant impact.