The “human factor” in cyber security reading: Exploring the accidental insider

A great deal of research has been devoted to the exploration and categorization of threats posed from
malicious attacks from current employees who are disgruntled with the organisation, or are motivated
by financial gain. These so-called “insider threats” pose a growing menace to information security,
but given the right mechanisms, they have the potential to be detected and caught. In contrast, human
factors related to aspects of poor planning, lack of attention to detail, and ignorance are linked to the
rise of the accidental or unintentional insider. In this instance there is no malicious intent and no prior
planning for their “attack,” but their actions can be equally as damaging and disruptive to the organi-
sation. This chapter presents an exploration of fundamental human factors that could contribute to an
individual becoming an unintentional threat. Furthermore, key frameworks for designing mitigations
for such threats are also presented, alongside suggestions for future research in this area.