Is Your Insider Threat Risk Management Program Ripe for Innovation? Part 2


There are two questions you should be asking yourself about your organization’s insider threat program:

  1. What is the probability that your organization will experience an insider threat? The assumption is that the probability is low. Again, that fateful mental model, based on the perception that “the worst-case scenario is also the least probable,” applies to an organization’s efforts to stand up even a minimum viable product (MVP)-level insider threat or counter cyber espionage program. The reality is that 34% of all breaches in 2018 were caused by insiders (a), yet less than 20% of U.S. organizations possess effective security programs to combat the threat. (b)
  2. What will be the impact if your organization experiences an insider threat incident or damage linked to insider activity?  “The results range from information leakage and national security breaches to workplace violence and even reputational damage. Insiders’ unintentional actions can be equally damaging. Clearly, a robust insider threat program that protects government resources, employees, and contractors can deliver significant value and reduce associated risks.”  (1)

In this series of posts, we ask the further question:  how can a serious internal commitment to the design process and collective intelligence (aka community-driven insider threat initiatives) give this often ignored sub-sector of risk management the priority it requires within your organization, driven by innovation?

In Part I of this series, we took a look at the Transportation Security Administration (TSA) Insider Threat Roadmap 2020 and advanced analytics.  Following are two more initiatives that are thinking differently about insider threat program implementation through innovative architectures, collective intelligence, advanced analytics, and the use of publicly available information (PAI).  Community-based and partner collaborations up and down the supply chain are also a hallmark of these efforts, as there is a growing acknowledgment that internal-facing and traditionally siloed insider threat efforts are part of the problem.

In Part II, we examine the approaches taken and the resources available at the Carnegie Mellon University Software Engineering Institute (SEI) and the MITRE Center for Threat-Informed Defense (CTID).

Carnegie Mellon University Software Engineering Institute (SEI)

According to the Carnegie Mellon University Software Engineering Institute (SEI) website, the institute:

“…adopts a holistic approach to insider threat research to understand not only the ‘how’ of insider incidents, but also the ‘why.’  In most cases, employees don’t join their organizations with the intent to do harm.  Rather, employees can become motivated to carry out attacks against their employers when they experience a series of stressors, when they exhibit concerning behaviors, and when employers address those behaviors in some maladaptive way. When that happens, employees can become easy and willing targets of pressure from criminals and foreign agents, or they might become disgruntled and careless on the job. A major goal of insider threat research, therefore, is to understand root causes of stressors and concerning behaviors to detect them early and offer employees better help before they commit a harmful act.”

SEI’s insider threat research is organized around a concept it calls positive deterrence, a framework for how best to give employees positive incentives that reduce insider threat.

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.