Mistreating or ignoring employees creates insider threats

Let me ask you a question: would you ever hand your trade secrets to a stranger and hope for the best? Of course not. But every day, organisations do something just as risky—they mistreat or ignore employees who already have access to their crown jewels: your research, your technology, your commercialisation strategy, your client data.

I’ve spent my career working in risk, fraud, insider threat, and IP protection. I’ve seen firsthand how resentment—often fuelled by unfair treatment—turns smart, capable employees into ticking time bombs. And yet, most businesses still treat fairness like it’s an HR initiative rather than a core part of their operational defence strategy.

Here’s why that thinking will cost you—and what to do instead.

The real cost of unfairness

Let’s talk numbers, because nothing says “this matters” like hard data:

• According to the 2023 Verizon Data Breach Investigations Report, over 20% of all data breaches involved insiders (some studies claim this figure is up to 60%!). The average cost of an insider incident? $15.38 million, according to Ponemon’s latest research. That’s not including the reputational damage, lost clients, or regulatory fines.
• Worryingly, in 70% of insider threat cases, there were obvious warning signs—employees showing declining performance, acting out, or repeatedly raising concerns that went unresolved. In other words, most of these incidents were entirely avoidable. It makes you wonder what their managers were doing…

Case in point? In 2020, a former engineer at GE was convicted of stealing trade secrets to help a Chinese company replicate their turbine engine designs. Investigators found he felt overlooked and undervalued—classic workplace grievance turned commercial espionage.

Why fairness works (and spy software alone doesn’t)

We love our shiny tools—endpoint monitoring, behavioural analytics, supply chain risk dashboards. All great. But none of them will stop Barry from Accounts if he feels betrayed, mistreated, or ignored.

Why? Because fairness builds trust. Trust reduces resentment. And trust is the bedrock of any sustainable risk posture.

Fairness in business isn’t just a moral checkbox. It’s a strategy.

Let’s break it down:

• Fair treatment reduces motivation for malicious acts. People don’t wake up one day and decide to sell trade secrets to a competitor—they get there through a slow burn of perceived injustice.
• Grievance procedures are part of your security controls, not just HR fluff. If employees don’t trust that they’ll be treated fairly, they’ll act out—or leave, taking your IP with them.
• Consistent rewards and transparent decisions—especially around promotions, performance feedback, or project allocation—go a long way in building psychological safety.

Want better security? Start with a little humanity.

Mitigating risks from workplace sabotage

Turn complaints into competitive advantage

Instead of seeing grievances as annoyances, treat them as intel. A well-handled complaint is your early-warning radar system.

So here’s a few approaches to consider:

1. Listen like you mean it. Most people don’t need to win the battle—they just want to be heard and respected.
2. Act quickly. Delays in resolving issues amplify frustration. Slow grievance handling = fast trust erosion.
3. Follow through. Saying “we’ll look into it” without doing anything? That’s just passive-aggressive gaslighting. If you can’t fix it, explain why.

And don’t forget your supply chain. One disgruntled contractor with access to your research data can do more damage than a nation-state hacker. (Looking at you, SolarWinds.)

6 steps to improving security and integrity culture in the workplace

What fairness gets you (besides fewer lawsuits)

When organisations embed fairness into their operations, magical things happen:

• Lower fraud and insider threat risk. Fewer reasons for sabotage, more eyes and ears helping you protect your IP.
• Higher employee retention. You don’t have to constantly re-train staff who leave because they’re fed up.
• More engaged teams. People work harder and smarter when they’re not plotting your downfall. Shocking, I know.

Best of all? It’s a competitive differentiator. Investors and partners don’t just want strong financials—they want to see that your people (and your technology) are protected. Fairness and trust are part of your brand.

Call To Action: Don’t wait for Barry to snap

So what now?

Ask yourself (and your leadership team):

• Do your employees trust your grievance process?
• Are you treating people fairly—especially when it comes to promotions, discipline, or resource allocation?
• Have you connected fairness and trust-building to your broader IP protection, insider threat, or commercialisation strategies?

If any of that feels like a “hmm, not really,” then you’ve got work to do. The good news? You don’t need a fancy new tech stack to fix this. You just need to give a damn.

Because trust isn’t a vulnerability. It’s your strongest security control.

And Barry from Accounts? He just wants a bit of respect—and maybe fewer passive-aggressive all-staff emails.

Want help building a culture that protects your research, your people, and your bottom line? Reach out. Let’s make insider threats one less thing you have to worry about.

Further Reading

• Curwell, P. (2023). Mitigating risks from workplace sabotage
• Curwell, P. (2023). 6 steps to improving security and integrity culture in the workplace
• McCormac, A., Parsons, K, and Butavicius (2012). Preventing and Profiling Malicious Insider Attacks, DSTO-TR-26976, Defence Science and Technology Organisation, Australian Government.
• Reed, T. (2019). You Can’t Always Get What You Want: Employee and Organizational Responses to Perceived Workplace Injustices and their Relationship to Insider Attacks, Homeland Security Affairs
• Searle, R. and Rice, C. (2018). Positively Influencing Individuals During Organisational Change, Centre for Research and Evidence on Security Threats, United Kindgom

DISCLAIMER: All information presented on paulcurwell.com is intended for general information purposes only. The content of paulcurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon paulcurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.