search menu icon-carat-right cmu-wordmark

The Critical Role of Positive Incentives for Reducing Insider Threats

December 2016 Technical Report
Andrew P. Moore, Jeff Savinda, Elizabeth A. Monaco, Jamie L. Moyes, Denise M. Rousseau (Carnegie Mellon University), Samuel J. Perl, Jennifer Cowley, Matthew L. Collins, Tracy Cassidy, Nathan VanHoudnos, Palma Buttles-Valdez, Daniel Bauer, Allison Parshall

This report describes how positive incentives complement traditional practices to provide a better balance for organizations' insider threat programs.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


Traditional insider threat practices involve negative incentives that attempt to force employees to act in the interests of the organization and, when relied on excessively, can result in negative unintended consequences that exacerbate insider threats. Positive incentives that attempt to encourage employees to act in the interests of the organization can complement negative incentives. In our research, we identified and analyzed three avenues for aligning the interests of the employee and the organization: job engagement, perceived organizational support, and connectedness with co-workers. Based on an analysis of three insider threat incidents and an exploratory survey of organizations, we developed a model of the disgruntled insider threat problem as it relates to dissatisfaction with the employing organization and the potential benefits associated with positive incentives that improve perceived organizational support and justice. To help organizations understand their options for using positive incentives as part of their insider threat program, we outline workforce management practices to improve employees' feelings of being supported by the organization. This research is a first step toward creating a well-grounded foundation on which insider threat programs can establish a more balanced and effective means of reducing insider threats, one that is a net positive for both the employee and the organization.