search menu icon-carat-right cmu-wordmark

Reducing Insider Risk Through Positive Deterrence

In this article, the authors describe why and how insider risk management programs (IRMPs) should consider promoting a set of evidence-based management practices that are called positive deterrence.

Counter-Insider Threat Research and Practice


Most organizations approach insider risk management with a command-and-control focus, putting pressure on employees to act in the interests of the organization. Positive deterrence reduces insider risk by complementing the command-and-control approach with better alignment of the mutual interests of the individual and the organization. Programs that embrace positive deterrence can unlock a greater potential to minimize insider risk and mitigate the negative perceptions employees often have of the command-and-control approach. In this article, we describe why and how insider risk management programs (IRMPs) can augment their command-and-control strategies with positive deterrence. We provide actionable guidance on how to combine positive deterrence with command-and-control, resulting in a balanced way to reduce insider risk. As a complement to command-and-control, positive deterrence creates a work environment that reinforces the bond between the organization and its workforce, contributing to the well-being of both.