While most organizations address cybersecurity issues with technology and surveillance, Emmanuel Anti’s research argues that empathy may be a more effective defense. His doctoral dissertation at the University of Vaasa explores insider deviance, and how understanding the human elements related to it can lead to stronger, more sustainable cybersecurity practices.
Insider threats and deviance occur when employees, contractors or former staff misuse their access to an organization’s systems—either deliberately or by accident. Anti’s research in information systems science sheds light on the human side of these incidents, showing that fear, stress, culture, morality and ethics, and emotional strain can all contribute to deviant digital behaviors.
“People do not always plan to break the rules. Unintentional acts like sending confidential emails to the wrong person or falling victim to a phishing attack may arise from the same root causes, such as stress, pressure and an unsupportive work culture,” Anti explains.
Some employees also display so-called “deviant creativity”—finding clever and novel ways to bypass security restrictions. Using insider knowledge in clever but risky ways can expose the organization to cybersecurity threats. For instance, an employee might email sensitive files to their personal account to save time and finish work off-site, knowing the system won’t flag unclassified data or block personal addresses.
“When security systems and policies are too rigid, employees create workarounds. To strengthen compliance and security culture, organizations must first understand what motivates people to bypass the rules,” Anti says.
Technology alone cannot solve insider risks
Traditionally, organizations have relied on technological tools to manage insider threats, but Anti argues this approach fails by ignoring the human element. Today’s tools, including AI systems used to monitor employees, can misread work quality, rewarding speed over care and branding thoughtful, careful workers as inefficient. Over time, this can create frustration, strain, and mistrust.
“Rather than preventing insider threats, these tools can help cause them. Insider deviance becomes a reaction to emotional, contextual, and environmental pressures,” Anti warns.
His dissertation proposes an alternative: an empathetic security model grounded in design thinking. This approach encourages organizations to co-create cybersecurity policies with employees, focusing on understanding their needs, motivations and emotional well-being.
“Empathy builds trust. When employees feel understood, they are more likely to report mistakes instead of hiding them, and to follow security rules because they helped create them,” Anti concludes.
Source – https://techxplore.com/news/2025-11-stress-toxic-workplace-culture-insider.html