An Analysis of Motive and Observable Behavioral Indicators Associated with Insider Cyber Sabotage and Other Attacks

Malicious insider attacks affect all sectors, economies, and organizations of the world, with insider cyber-sabotage causing significant damage. Key findings from previous research on malicious insider threats underscore a need for prevention and detection programs that are broadly based. Current risk management administrative and technical mitigation techniques often include indicators of potential malicious insiders in the form of personal factors and observable behaviors. However, these need empirical validation in the context of cyber-sabotage. This article builds on previous research on insider threats and investigates the relationship between motives, behavioral indicators, and insider cyber-sabotage. We examine 74 actual cases of convicted insider threat attacks using a logistic regression model. The results confirm hypotheses that revenge (one of the motives), addiction (one of the observable behavioral indicators), and poor work performance increase the likelihood of insider sabotage. The findings provide empirical validation of cyber-sabotage specific indicators for insider threat programs. Implications and future research are discussed.