Understanding Human Factors of Cybersecurity: Drivers of Insider Threats

Abstract

As the implementation of computer systems has continued to grow, so has the number of employee-driven cyberspace infractions. Although employee malicious behaviors have continued to have detrimental effects on cybersecurity strategies, most studies have focused on technological gaps rather than human risk vulnerabilities. This grounded theory study was designed to identify human factors that drive cyberspace insider threat activities from cybersecurity experts. A literature analysis suggests a need for more qualitative studies to understand human factors of cybersecurity threats. This study's findings provide a framework to connect drivers and factors associated with insider threats through detailed themes. These six drivers lend a deeper understanding of individual, cultural, and technological influences on cyber threats. The findings also introduce connections between employee insider threat activities driven by unwitting, witting, unmalicious, and/or malicious behaviors.