Insider Threats: The Role of HR in Mitigating Internal Cyber Risks
DOI:
https://doi.org/10.5281/zenodo.17317577Keywords:
Insider Threats, Human Resources, Cybersecurity, Employee Monitoring, Human Firewall.Abstract
Insider threats represent one of the most significant and insidious challenges to organi s ational cybersecurity, often resulting in more devastating consequences than external attacks due to the insider's authori s ed access and knowledge of internal systems. These threats may stem from malicious intent, negligence, or lack of cybersecurity awareness among employees. In this context, the Human Resources (HR) department plays a pivotal yet often underemphasized role in identifying, preventing, and mitigating internal cyber risks. This paper explores the multifaceted responsibilities of HR in managing insider threats through a proactive, policy-driven, and culture-centric approach. It highlights how HR functions—ranging from recruitment and onboarding to performance evaluation, employee monitoring, training, and offboarding—can be aligned with cybersecurity protocols to reduce vulnerabilities. By integrating cybersecurity awareness programs into employee training, conducting behavio u ral risk assessments, and implementing continuous access control policies, HR can help build a ‘human firewall’ that complements technological safeguards. The study further addresses the psychological and behavio u ral aspects of insider threat mitigation, emphasi s ing the importance of fostering a transparent, ethical, and digitally responsible workplace culture. Through a review of existing literature, case studies, and best practices from various industries, this paper offers a comprehensive framework for HR to act as a strategic partner in organi s ational cybersecurity resilience. The findings suggest that when HR departments adopt a proactive stance and are equipped with the right tools and training, they can play a critical role in identifying warning signs, reinforcing secure behavio u r, and ultimately mitigating the risk posed by insiders.References
Asasfeh, A., Alnawayseh, S. E., AbdElkareem, R., & Salahat, M. (2024, February). Human factors in security management: Understanding and mitigating insider threats. In 2024 2nd International Conference on Cyber Resilience (ICCR) (pp. 1–10). IEEE. https://doi.org/10.1109/ICCR61006.2024.10532846
Ayanbode, N., Abieba, O. A., Chukwurah, N., Ajayi, O. O., & Ifesinachi, A. (2024). Human factors in fintech cybersecurity: Addressing insider threats and behavioral risks. Journal of Cybersecurity in FinTech, 14(2), 34–49.
Bailey, T., Kolo, B., Rajagopalan, K., & Ware, D. (2018). Insider threat: The human element of cyberrisk. McKinsey Quarterly, 1–8. https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/insider-threat-the-human-element-of-cyberrisk
Cappelli, D. M., Moore, A. P., & Trzeciak, R. F. (2012). The CERT guide to insider threats: How to prevent, detect, and respond to information technology crimes (theft, sabotage, fraud). Addison-Wesley.
Collins, M. (2016). Common sense guide to mitigating insider threats (No. CMU/SEI-2016-TR-015). Software Engineering Institute, Carnegie Mellon University. https://insights.sei.cmu.edu/library/common-sense-guide-to-mitigating-insider-threats-fifth-edition/
Colwill, C. (2009). Human factors in information security: The insider threat—Who can you trust these days? Information Security Technical Report, 14(4), 186–196. https://doi.org/10.1016/j.istr.2010.04.004
Georgiadou, A., Mouzakitis, S., & Askounis, D. (2022). Detecting insider threat via a cyber-security culture framework. Journal of Computer Information Systems, 62(4), 706–716. https://doi.org/10.1080/08874417.2021.1903367
Hills, M., & Anjali, A. (2017). A human factors contribution to countering insider threats: Practical prospects from a novel approach to warning and avoiding. Security Journal, 30(1), 142–152. https://doi.org/10.1057/sj.2014.17
Khan, N., Houghton, R. J., & Sharples, S. (2022). Understanding factors that influence unintentional insider threat: A framework to counteract unintentional risks. Cognition, Technology & Work, 24(3), 393–421. https://doi.org/10.1007/s10111-021-00692-7
Liu, L., De Vel, O., Han, Q. L., Zhang, J., & Xiang, Y. (2018). Detecting and preventing cyber insider threats: A survey. IEEE Communications Surveys & Tutorials, 20(2), 1397–1417. https://doi.org/10.1109/COMST.2018.2800740
Nassir, N. F. M., Rauf, U. F. A., Zainol, Z., & Ghani, K. A. (2024). Revealing the multi-perspective factors behind insider threats in cybersecurity. Journal of Media and Information Warfare, 17(1), 65–82.
Nica, E., Burcea, Ș. G., & Sabie, O. M. (2024). The critical role of human resources in mitigating and managing cybersecurity risks in modern organizations: A strategic approach. Psychosociological Issues in Human Resource Management, 12(2), 7–30. https://doi.org/10.22381/pihrm12220241
Silowash, G. J., Cappelli, D. M., Moore, A. P., Trzeciak, R. F., Shimeall, T., & Flynn, L. (2012). Common sense guide to mitigating insider threats (4th ed., No. CMU/SEI-2012-TR-012). Software Engineering Institute, Carnegie Mellon University. https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=28618
Theis, M., Trzeciak, R. F., Costa, D. L., Moore, A. P., Miller, S., Cassidy, T., & Claycomb, W. R. (2019). Common sense guide to mitigating insider threats (6th ed., No. CMU/SEI-2019-TR-010). Software Engineering Institute, Carnegie Mellon University. https://insights.sei.cmu.edu/library/common-sense-guide-to-mitigating-insider-threats-sixth-edition/
Zangana, H. M., Sallow, Z. B., & Omar, M. (2025). The human factor in cybersecurity: Addressing the risks of insider threats. Jurnal Ilmiah Computer Science, 3(2), 76–85. https://doi.org/10.58602/jics.v3i2.145
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Diana Ussher-Eke

This work is licensed under a Creative Commons Attribution 4.0 International License.