In today’s increasingly digital operating environments, organisations rely more than ever on technological solutions and artificial intelligence (AI) to monitor insider threats. Sophisticated systems now track access to data, analyse sentiment, and detect behavioural anomalies. While AI can analyse data patterns and flag deviations from the norm, it lacks the nuanced, contextual understanding that humans bring.
Often, by the time a technology-based system detects behavioural indicators, it is already too late to prevent an insider threat. Despite their sophistication, these tools cannot replace the human ability to observe early warning signs – subtle shifts in a person’s demeanour, habit, written language, performance, or conduct that may signal risk while there is still time to intervene or offer help. Supervisors and co-workers who interact with colleagues daily are uniquely positioned to notice these early signs – often well before any algorithm detects a red flag.
Despite many organisations having reporting policies in place, insider threat reviews often reveal that someone noticed something, but either failed to report it or their report was mishandled. This highlights a critical gap between policy and practice – one that organisations cannot afford to ignore.
In this article, we will explore how organisations can improve their approach to identifying and managing insider threats by strengthening one of the most underutilised tools in their arsenal: workplace reporting. We will also examine how language – consciously or unconsciously – shapes our perceptions of reporting, and how better linguistic framing can foster a more responsive and resilient organisational culture.
What does ‘reporting’ really mean?
The formal nature of reporting is reflected in dictionary definitions. The Cambridge Dictionary defines reporting as “to make a complaint to a person in authority about something or someone.” The Oxford English Dictionary expands on this by describing reporting as “an account of a situation, event, etc., brought by one person to another, especially as the result of an investigation.” Across these definitions, reporting is consistently associated with formality, structure, and accountability.
Yet when applied to people and behaviour, the term becomes more complex – often emotionally charged. Reporting a water spill in the kitchen is straightforward. Reporting a colleague’s concerning behaviour? That is where the uncertainty creeps in. Often, it is not about something concrete or tangible, but rather a sixth sense. It may be the absence of the usual or the presence of the unusual in the situation. These signs may be observed, even felt, yet are difficult to categorise.
Doubt inevitably follows: Am I imagining things? Will this be taken seriously? What if my concerns are dismissed – then what? Raising a concern requires both bravery and integrity. It means placing trust in another person, and in the organisation itself. I speak from experience – most of us, at some point, have faced this kind of moral dilemma.
Reporting as a workplace psychological and cultural challenge
Understanding why individuals hesitate to report their concerns requires delving into the intersection of psychology, social dynamics, and workplace culture. While formal reporting mechanisms may exist, their effectiveness depends on employees feeling both psychologically safe and culturally supported to use them.
Reporting behaviours, particularly when they involve fellow employees, are rarely objective or mechanical. They are shaped by personal values, social identity, and emotional discomfort. Employees may worry about misinterpreting what they have noticed or being seen as disloyal. In closely connected teams, loyalty to peers can make the idea of reporting feel like betrayal.
Others may rationalise their silence by assuming that someone else, perhaps someone more senior, will raise the concern, a behaviour known as the bystander effect. This hesitation can stem from a desire to conform to group norms or fear of disrupting team cohesion. The consequences of the bystander effect within an organisation can be severe, affecting cultural, financial, and reputational aspects.
Dr Eric Lang, in his Seven (Science-Based) Commandments for Understanding and Countering Insider Threats, identifies several barriers that commonly inhibit reporting.
These include:
- Socialisation and cultural norms, such as the stigma around “snitching” or beliefs like “you don’t dob in your mates.”
- Peer loyalty, where individuals feel compelled to protect one another, even in ethically ambiguous situations.
- Concerns about consequences, particularly the fear of someone unjustly losing their job.
- Fear of retaliation, whether subtle or overt, from the subject of the report, their manager, or the organisation.
- Diffusion of responsibility, where individuals assume someone else is better positioned or more obligated to report.
These barriers reinforce a workplace silence where concerns go unspoken – not due to apathy, but due to competing emotional, social, and cultural pressures.
Another significant challenge is the lack of visible follow-up. When staff take the step to report a concern but receive no acknowledgement or feedback, it can undermine their trust in the process. Over time, this silence fosters disengagement and cynicism. The perceived futility of reporting can become self-reinforcing, weakening organisational resilience.
The power of language
This is where psycholinguistics becomes especially relevant, as language matters. The words we choose and the way we communicate can shape perceptions, emotions, and ultimately behaviour. Terms like “snitch,” “dob in,” or even “whistleblower” often carry negative connotations.
These words frame the act of reporting as betrayal or disloyalty, triggering feelings of shame, social exclusion, or moral discomfort. In contrast, alternative phrases such as “raising a concern,” “seeking support,” or “flagging behaviour” introduce more neutral, and even supportive, connotations. These subtle shifts in language can reframe the emotional experience of reporting, making individuals more likely to take action.
Research in psycholinguistics confirms that language influences how people interpret risk, respond emotionally, and decide whether to act. If organisations want employees to report early, often, and with confidence, they can consider removing the psychological sting from the vocabulary of reporting.
12 key steps for strengthening reporting
To make reporting a reliable and effective component of an insider threat program, organisations should implement the following steps:
1. Demonstrate genuine leadership commitment: effective reporting starts at the top. Leaders must do more than just approve policies – they must champion them.
2. Define what to report: help employees recognise which behavioural indicators or changes should be reported.
3. Clarify how and to whom to report: provide simple, easily accessible guidance on who to contact, what channels to use (e.g. digital tools, direct supervisors, anonymous options), and when to raise a concern.
4. Explain what happens next: outline what occurs after a report is submitted. Clarify how it is reviewed, who is involved, and what follow-up can be expected. Transparency reduces uncertainty and fear.
5. Make the process non-punitive: ensure the reporting system protects employees from retaliation.
6. Promote psychological safety: cultivate a culture where people feel safe to raise concerns. Encourage curiosity, care, and early intervention, without fear of judgement or dismissal.
7. Reframe the language: replace loaded terms with neutral, supportive language like “sharing a concern” or “flagging a change.” This reduces emotional friction and makes action feel safer.
8. Educate and train: embed training into onboarding, leadership development, and annual refreshers. Go beyond process by teaching how to report empathetically and constructively.
9. Test understanding: use scenarios, roleplay, or simulations to check whether staff and supervisors understand the reporting process and feel confident using it.
10. Emphasise shared responsibility: frame reporting as an act of care, personal responsibility and collective protection – not blame.
11. Close the loop: where appropriate and feasible, acknowledge reports and provide feedback. Consistent follow-ups build confidence.
12. Use reporting data as a cultural barometer: track reporting trends to identify patterns, risk areas, or cultural shifts. Reporting data reveals more than incidents—it offers insights into the health of your organisational culture.
Final thoughts: empowering people to protect people
The most effective insider threat programs are not those that rely solely on surveillance tools or monitoring software. They are grounded in trust, open communication, and a workplace culture that prioritises care for the organisation’s most critical asset–its people.
Reporting–when clearly understood, actively supported, and deeply embedded—is not merely a mechanism for identifying risk; it is a way to provide timely support to people.
After all, human intuition, developed over thousands of years of social interaction, remains our most reliable early warning system. The challenge now is to create the conditions where human intuition is valued and acted upon.
The author of this article, Marina Shteinberg, is a leading expert in critical infrastructure security, insider threat mitigation, and supply chain resilience. With over 25 years of experience across government and industry, Marina is the Director and Co-founder of Pentagram Advisory. She has held senior roles in national security policy, regulatory reform, and personnel security, including 12 years with the Australian Government. Marina has an academic background in international relations, economics, linguistics and law, and a strong personal interest in psychology, which informs her nuanced understanding of human risk and organisational behaviour. A certified Critical Pathway to Insider Risk Advanced Practitioner, she brings deep insight into human risk, organisational culture, and strategic security leadership.