Insider threats occur when authorised individuals misuse legitimate access to harm the organisation. Such incidents typically develop through stages. The
insider threat pathway explains how relatively stable predispositions interact with stressors to produce warning behaviours that, if unchecked, may progress to ideation, preparation, and action (Shaw and Sellers, 2015). This article reviews Stages One–Two, outlines observable indicators, and explains how the Applied Behavioural Profiling Model (ABPM™) converts human signals into proportionate, support-first interventions.
Stage One – Predispositions.
Predispositions are stable orientations (e.g., grievance-prone, risk-seeking, boundary-testing) and contextual factors (e.g., incentive structures, enforcement climate) that shape how stress is interpreted. They are not diagnoses or destinies; they indicate how stress may express, not whether harm will occur. For example, an employee with a history of counterproductive behaviours or personal grievances against the company may be at higher baseline risk.
Stage Two – Stressors and triggers.
Crucially, stressors (acute/chronic) from personal life or work (e.g., financial strain, demotion, conflict) can push at-risk individuals along the pathway. Under stress, deviations from baseline often appear: uncharacteristic withdrawal/irritability, boundary-testing, grievance fixation, justification talk, or unusual access interest.
While this essay emphasises Stages One and Two, early work should anticipate junctions with later stages:
- Ideation. The person constructs a narrative that justifies potential harm (“I am owed”, “rules are illegitimate”). Watch for rumination hardened into grievance scripts.
- Preparation. Concrete means testing: policy probing, unusual access exploration, removal of monitoring frictions.
- Action. Execution, often opportunistic in timing.
How ABPM™ supports early disruption.
The Applied Behavioural Profiling Model (ABPM™) is a structured approach to transforming behavioural observations into actionable intelligence. Unlike personality tests or data analytics, ABPM™ relies on direct observation and contextual analysis. It proceeds in two main steps:
Step 1: Three-dimensional observation. Over time, this structured observation builds a rich picture of the individual under normal and stress conditions.
Step 2: Profile construction. ABPM™ integrates insights from psychology and criminology to interpret what has been observed.
ABPM™ outputs consist of:
- Risk profile. Where/when risk may surface; intelligence, not labels.
- Motivation/influence strategies. Ethical communication/influence approaches.
- Job-role fit. Alignment between observed work style and current role demands; adjustments that reduce friction.
- Likely stressors. Situations most liable to trigger drift (e.g., status threat, ambiguity spikes, isolated work).
Why this matters.
Because ABPM begins with observation, it avoids self-report pitfalls and anchors analysis in role-context behaviour; the four outputs convert early signals into proportionate options precisely where organisations retain the most leverage.
Governance and bias minimisation.
Governance is grounded in necessity and proportionality, with standardised observation rubrics and multi-reviewer escalation to reduce bias. The programme maintains internal transparency about what is observed, why, how long it is retained, and routes for redress, and it keeps supportive interventions distinct from disciplinary processes. Data handling complies with GDPR and the Equality Act through data minimisation and behaviour-only, role-relevant records.
Conclusion.
Pathway thinking reframes insider risk as a dynamic interaction between predispositions and stressors that unfolds before technical alerts. The optimal leverage is early: use A–B–E observation to establish a contextual baseline, then apply ABPM to translate deviations into risk profile, motivation strategies, role-fit adjustments, and anticipated stressors. Under robust governance and bias controls, these outputs enable support-first, proportionate interventions that reduce friction and prevent escalation.
Shaw, E. and Sellers, L. (2015). Eric D. Shaw and Laura Sellers (2015)‘Application of the Critical-Path Method to Evaluate Insider Risks,’ Studies in Intelligence, Volume 59, Number 2, June, pages 41-48. Available at: https://www.researchgate.net/publication/280936175_Eric_D_Shaw_and_Laura_Sellers_2015Application_of_the_Critical-Path_Method_to_Evaluate_Insider_Risks_Studies_in_Intelligence_Volume_59_Number_2_June_pages_41-48_The_Central_Intelligence_Agency_Washingt.
