Motivation and opportunity based model to reduce information security insider threats in organisations

Nader Sohrabi Safa, Carsten Maple, Tim Watson, Rossouw Von Solms

Research output: Contribution to journalArticlepeer-review

55 Citations (Scopus)


Information technology has brought with it many advantages for organisations, but information security is still a major concern for organisations which rely on such technology. Users, whether with intent or through negligence, are a great source of potential of risk to information assets. A lack of awareness, negligence, resistance, disobedience, apathy and mischievousness are root causes of information security incidents in organisations. As such, insider threats have attracted the attention of a number of experts in this domain. Two particularly important considerations when exploring insider threats are motivation and opportunity. Two fundamental theories relating to these phenomena, and on which the research presented in this paper relies, are Social Bond Theory (SBT), which can be used to help undermine motivation to engage in misbehaviour, and Situational Crime Prevention Theory (SCPT), which can be used to reduce opportunities for misbehaviour. The results of our data analysis show that situational prevention factors such as increasing the effort and risk involved in a crime, reducing the rewards and removing excuses can significantly promotes the adoption of negative attitudes towards misbehaviour, though reducing provocations does not have any effect on attitudes. Further, social bond factors such as a commitment to organisational policies and procedures, involvement in information security activities and personal norms also significantly promotes the adoption of negative attitudes towards misbehaviour. However, attachment does not significantly promote an attitude of misbehaviour avoidance on the part of employees. Finally, our findings also show that a negative attitude towards misbehaviour influences the employees’ intentions towards engaging in misbehaviour positively, and this in turn reduces insider threat behaviour. The outputs of this study shed some light on factors which play a role in reducing misbehaviour in the domain of information security for academics and practitioners.

Original languageEnglish
Pages (from-to)247-257
Number of pages11
JournalJournal of Information Security and Applications
Early online date5 Mar 2018
Publication statusPublished - 1 Jun 2018
Externally publishedYes


  • Human factors
  • Information security
  • Insider threat
  • Organisation
  • Risk

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Motivation and opportunity based model to reduce information security insider threats in organisations'. Together they form a unique fingerprint.

Cite this