Malicious Insiders in the Workplace Series: What Do Malicious Insiders Get Paid? (Part 3 of 4)
In parts one and two of this series, I analyzed the gender and organizational roles of malicious insiders. In this third part of the series, I analyze the CERT Insider Threat Incident Corpus for insights into the salaries of the insiders who committed the incidents.
In 453 of the 726 incidents where a malicious insider's motivation is known, that motivation is financial gain (62.4%). If financial gain is such a motivating factor, determining how much malicious insiders typically earn may add to our understanding of who within organizations may be more likely to commit an insider incident. To focus attention toward financial gain, this post focuses on incidents where insiders committed fraud or theft of intellectual property. In effect, these are crimes of theft against an organization, as opposed to cases of IT sabotage where direct damage is caused to an organization. Furthermore, incidents of sabotage are typically not driven by financial motivations, but revenge, so the implications for insider salaries are problematic.
Using not only the disclosed position types, but fraud and theft of IP incidents where a malicious insider's job title is known (176), we estimated an average salary using the Bureau of Labor Statistics National Occupational Employment and Wage Estimates on median compensation by job title/role in 2014. The results are illustrated in the following chart:
The lowest earning insiders tend to be female.
Thirty-nine percent of female insiders included in the sample earn less than $30,000 a year. In 2014, this level of income was considered the poverty line for a family of four. When including insiders earning more than $30,000 but less than $40,000, nearly two-thirds (65.6%) of the female insiders earned less than $40,000. Of these female insiders, 90.5% committed fraud and only 9.5% committed theft of IP. Considering financial gain as a motivation, perhaps low-earning female insiders commit fraud (usually the theft of personally identifiable information or money) to "make ends meet."
The fewest number of insiders committing fraud or theft of IP were estimated to earn between $40,000 and $80,000.
Insiders earning more than $40,000 but less than $80,000 represented approximately 21% of the overall sample, and also 21% of both male and female insiders. For comparison, the U.S. median income at that same time period was $53,657. Approximately one-quarter of workers earned between $40,000 and $80,000. Put more simply, the fewest insiders, both male and female, were associated with what could be considered an average "living wage."
The highest earning insiders tend to be male.
While 28 male insiders in the sample were estimated to earn less than $40,000, an additional 38 insiders were estimated to earn $80,000 or more. High-earning male insiders represent 45.2% of all male insiders and 80.9% of all high earners. Of these male insiders, 28.9% committed fraud and 71.1% committed theft of IP. Particularly within incidents of theft of IP, these male insiders typically held developer or C-suite positions. From a behavioral standpoint, these insiders might be characterized as being ambitious or feeling a sense of entitlement to organizational resources. While those committing fraud may have done so to fund their lifestyle, others may have committed theft of IP for a competitive business advantage.
Sabotage incidents tend to be committed by higher earning male insiders.
In addition to the chart earlier in this post that featured 176 insiders who committed fraud or theft of IP, information was collected on the estimated salary of 56 insiders that committed sabotage, shown in the following chart.
Of the 56 insiders in this sample, 52 (92.9%) were male. Furthermore, 73.1% of the male insiders committing sabotage were estimated to earn $70,000 or more. More specifically, 36.5% (over a third) were estimated to earn in the $70,000 to $79,999 range; this salary is reflective of mid-level system administrator positions. As only four female insiders were found to have committed sabotage, there is not enough information to draw conclusions on their earnings. However, incidents of sabotage overall tend to be far more associated with male than female insiders.
More research will lead to further conclusions.
The sample data on fraud and theft of IP incidents appears to indicate a relationship between gender and estimated salary. While additional research is needed to make more robust conclusions, initial results indicate that fraud is most associated with lower earning female insiders, whereas theft of IP is associated with higher earning male insiders. Insiders of both genders committing theft of IP or fraud were least associated with more of a median working wage. Within sabotage incidents, insiders were typically male and higher earning.
The next and final part in this blog series aligns what we've learned about who insiders are and the real-world impacts they have had on victim organizations. Refer to the video "Make Sure This Doesn't Happen to You!" for some unique real-world impacts that have resulted from insider threat incidents.
PUBLISHED IN
Get updates on our latest work.
Sign up to have the latest post sent to your inbox weekly.
Subscribe Get our RSS feedMore In Insider Threat
Get updates on our latest work.
Each week, our researchers write about the latest in software engineering, cybersecurity and artificial intelligence. Sign up to get the latest post sent to your inbox the day it's published.
Subscribe Get our RSS feed