When familiarity creates blindness: Rethinking insider threat, leadership influence and the future of trusted workforce

Introduction

For many organisations, insider threat feels remote, something that happens elsewhere, under unusual circumstances, involving unusual people. That sense of distance is comforting. It taps into a well-documented psychological tendency: we assume that rare or uncomfortable risks are more likely to affect others than ourselves.

This cognitive bias allows leaders to maintain confidence in their staff and faith in their organisational culture. Yet comfort is also the greatest vulnerability. It creates blind spots, obscures early warning signs or red flags, and encourages overconfidence in systems that were never designed to detect changes in people over time.

According to the 2025 research conducted by the National Protective Security Authority (NPSA), only 20% of senior decision-makers view insiders as a threat to their organisation, and nearly 70% do not believe their assets are at risk. Most leaders treat insider threat as a low-urgency issue, not because they think it is irrelevant, but because they assume it is improbable. Beneath this sits a deeper discomfort: the reluctance to imagine that “their people”, trusted colleagues, long-serving staff, high performers, might intentionally or unintentionally cause harm.

This discomfort shapes culture, governance and decision-making. It influences the language leaders will accept, the policies they will endorse, and the level of investment they are willing to make. Understanding this psychology is key because insider threat is first a human issue, not purely a technology or compliance one. It demands honest conversations about human behaviour, culture, trust and leadership accountability.

The psychology behind underestimating insider threat

Every employment relationship rests on two contracts: the formal employment contract and the fragile, unwritten psychological contract, the reciprocal set of expectations shaped by fairness, purpose, respect and perceived organisational support. When the psychological contract is upheld, people thrive. When it weakens or breaks, behaviour changes. Engagement drops. Performance declines. Trust erodes. And in some cases, harmful actions follow.

Leaders often underestimate insider threat because it forces them to consider that:

  • Familiarity is not a safeguard: knowing someone well does not guarantee insight into their stressors, motivations, pressures or grievances.
  • Culture cannot eliminate risk: even positive cultures produce employees who experience hardship, resentment or coercion.
  • Trust is not static: personal circumstances change, sometimes rapidly, influencing judgment and behaviour.
  • Human behaviour is not predictable: it is influenced by psychological, social, financial and other factors.

This creates familiarity blindness: the belief that insider threat is incompatible with “how things work here.”

NPSA data shows another layer to this overconfidence. 84% of leaders feel confident they can prevent and respond to insider incidents, yet only 57% have formal, consistently followed policies and procedures.

Confidence thrives where scrutiny is absent.

Why fraud controls are accepted but insider threat programs are resisted

Organisations readily implement anti-fraud, anti-corruption, probity and whistleblowing frameworks. These are expected, widely understood and rarely controversial. They address behaviour, not the person.

Insider threat, by contrast, is perceived as personal. It shifts the frame from “controlling wrongdoing” to “scrutinising people.” This triggers organisational defensiveness because it feels like mistrust.

Yet the reality is inescapable: fraud, theft, IP loss, leaking information, sabotage and conflicts of interest are all insider threat behaviours.

The discomfort lies not in the actions themselves, but in the language and terminology. NPSA found that the term “insider threat” is viewed unfavourably by non-security professionals and can create resistance before the conversation even begins.

This is why reframing matters. Organisations engage more willingly when insider threat is positioned as:

  • a component of protecting people and mission
  • a duty of care
  • a trusted workforce initiative
  • an organisational resilience measure
  • part of ensuring ongoing suitability and wellbeing.

Language matters. Reframing does not dilute the seriousness; it removes unnecessary cultural friction.

Overconfidence and the illusion of safety

Across sectors, leaders place disproportionate faith in point-in-time controls:

  • pre-employment screening
  • onboarding
  • background checks
  • HR processes
  • cyber access controls
  • offboarding.

These controls are necessary but limited. Many insider threat incidents occur after the employment relationship has matured, when personal pressures escalate, when conflict arises, or when the psychological contract fractures.

The psychological contract can break for many reasons: feeling undervalued or disrespected, experiencing financial hardship, being overlooked for opportunities, micromanaged, facing personal stress or encountering poor leadership. When it breaks, risk increases. And without appropriate oversight, organisations simply do not see the early indicators.

As NPSA notes, only 14% of leaders prioritise insider threat compared to cyber-attacks. This low prioritisation leads to piecemeal approaches, siloed responses and misplaced confidence that existing systems are sufficient.

Comfort becomes complacency.

Introducing the Insider Threat Program: A structured, coordinated solution

While insider threat is deeply rooted in culture and human behaviour, mitigating it requires more than individual controls or isolated functions. At some point, organisations must move from recognising insider threat as a problem to managing it through a structured, coordinated approach.

This is where an insider threat program comes in: a dedicated, tailored, organisation-wide capability designed to proactively identify, assess and manage insider-related risks across the entire employee lifecycle.

When “everyone owns it” means no one owns it

Insider threat is inherently multidisciplinary. It touches HR, Security, Cyber, Legal, Risk, Governance and Executive leadership. Yet without a dedicated home, it becomes:

  • fragmented
  • inconsistent
  • reactive
  • poorly coordinated
  • vulnerable to blind spots.

This is the central challenge: when ownership is diffuse, accountability dissolves. Each function sees only part of the picture, and crucial behavioural indicators go unnoticed.

This mirrors how cybersecurity, workplace safety and privacy once functioned: scattered, inconsistent and under-resourced until regulatory and organisational maturity demanded clear leadership, defined responsibilities and dedicated structures.

Insider threat programs are now at that same evolutionary stage.

A dedicated insider threat or trusted workforce program:

  • integrates behavioural and technical indicators
  • coordinates cross-functional action
  • provides governance and oversight
  • identifies gaps across the employee lifecycle
  • ensures proportionate, risk-appropriate measures
  • reports to executive leadership
  • strengthens compliance.

This structural clarity transforms insider threat from a niche security issue into an enterprise-wide priority.

Seeing what’s hidden: Leadership blind spots in insider threat

Leaders rarely deprioritise insider threat because they believe it is unimportant. They deprioritise it because it feels abstract. NPSA’s findings indicate that leaders shift from abstraction to action when they understand:

  • how insider threat could affect their specific organisation
  • which assets or functions would be compromised
  • what financial and reputational costs would result
  • how peer organisations have been impacted
  • how insider events unfold in real time.

This is why simulations, case studies and contextualised scenarios are powerful. They make the threat tangible, relatable and urgent.

NPSA’s Asset Cost Estimation Tool can quantify impact, making the consequences impossible to dismiss. Peer-to-peer recommendations, industry briefings and regulator expectations further increase leadership engagement.

Leaders respond to insider threat when it is positioned as an organisational risk, not a security program.

Engaging leaders effectively: What the research tells us

NPSA found several factors that reliably influence leader engagement:

  • Specificity influences action: leaders engage more with defined risks than broad categories.
  • Financial and reputational impact drives prioritisation: these are consistently the strongest motivators.
  • Integrated governance builds credibility: insider threat gains legitimacy when embedded in enterprise risk management.
  • Peer influence shapes expectations: leaders benchmark against others in their sector.
  • Proportionate, tailored solutions reduce resistance: leaders prefer risk-based programs over gold-standard complexity.

These insights reveal a clear truth: leadership engagement improves when insider threat feels relevant, manageable and aligned with organisational priorities.

Toward a trusted workforce: A Pentagram perspective

Organisations that successfully manage insider threat treat it as a component of creating a trusted workforce, not as an admission of mistrust.

The most mature organisations:

  • focus on clarity, transparency and proportionality
  • explain why checks exist and how privacy is protected
  • treat suitability as dynamic, not static
  • support people through change and hardship
  • integrate insider threat with cultural, governance and wellbeing initiatives
  • adopt language that reinforces trust, not suspicion.

Insider threat programs framed this way become enablers of organisational care. They uphold psychological safety. They reinforce fairness. They protect both the mission and the people who deliver it.

This is the essence of a trusted workforce: not blind faith, but informed trust.

Conclusion: Trust without safeguards is hope – and hope is not a strategy

Insider threat is not about doubting staff. It is about understanding human behaviour, acknowledging organisational realities and accepting leadership responsibility for building structures that protect people, assets and mission. Leaders must shift from familiarity-driven confidence to evidence-informed preparedness.

A trusted workforce is created through governance, early intervention, transparency and accountability – not assumptions that insider incidents are unlikely.

When organisations let go of the comforting illusion that “it won’t happen here,” they gain the clarity to ensure it is far less likely to happen here.
