RT Article
T1 Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures
JF Journal of criminology
VO 56
IS 4
SP 416
OP 440
A1 Moneva, Asier
A2 Leukfeldt, E. R. 1982-
LA English
YR 2023
UL https://krimdok.uni-tuebingen.de/Record/1888371927
AB Insider threats represent a latent risk to all organisations, whether they are large companies or Small or Medium-sized Enterprises (SMEs). Insiders, the individuals with privileged access to the assets of organisations, can compromise their proper functioning and cause serious consequences that can be direct?such as financial?or indirect?such as reputational. Insider incidents can have a negative impact on SMEs, as their resources are often limited, making it paramount to implement adequate cyber security measures. Despite its indisputable relevance, the empirical study of insider incidents from a criminological point of view has received little attention. This paper presents the results of an exploratory study that aims to understand the nature and extent of three types of insider incidents?malicious, negligent, and well-meaning?and how they are related to the adoption of cyber security measures. To that end, we administered a questionnaire among a panel of 496 Dutch SME entrepreneurs and managers and analysed the results quantitatively and qualitatively. The results show that although the prevalence of insider incidents is relatively low among Dutch SMEs, few organisations report a disproportionate number of incidents that often entail serious consequences. A regression model shows that there are cyber security measures related to both higher and lower incident likelihood. The implications of these findings for the cyber security policies of SMEs are discussed.
K1 Insider threats
K1 SMEs
K1 cyber security
K1 insider incidents
K1 insiders
K1 Organisations
DO 10.1177/26338076231161842