Cyber hackers know the weakest spot to target: unhappy employees
Loyalty has become the frontline of cyber defence. A disaffected employee is more dangerous than the most sophisticated malware, writes Paul Armstrong
October is the month of cybersecurity, so expect to hear a lot about firewalls, zero-days and state-sponsored hackers for the next few weeks. The BBC insider-threat story is one that should be a flashing red light warning to a lot of leaders out there who are soft firing, not investing, denying requests and generally not worrying about their meatbags.
Why? Not the technology, but the psychology. A ransomware gang approached a journalist with a simple proposition: hand over your corporate keys and never work again. No brute-force attack. No dark-web exploits. Just a direct appeal to human frustration. Hackers know the softest target is not code, but your unhappy people. Now ask yourself, after years of less than cost of living wage rises and watching record CEO bonuses, are your employees less or more likely to be tempted?
Businesses should pay attention because this is not an isolated stunt. Insider threats are rising precisely because the global workforce is restless. Employees are bombarded daily with recruiter emails, Linkedin messages, private Whatsapps, and counteroffers. Now criminal syndicates are promising life-changing wealth in exchange for a login and a moment of complicity. The calculation is as ugly as it is brutally simple. Why keep grinding for incremental pay rises when criminals promise financial freedom? Boards and investors who still treat employee engagement as a soft metric could well be adding to their own list of problems and increasing risk exposure.
But don’t they all get caught? Here’s the brilliant bit. No. Many breaches are misattributed to “external” threats because attribution is messy. Sophisticated syndicates exploit legitimate credentials and slow internal investigations. Law enforcement capacity is finite and prioritises large-scale or politically sensitive cases. The real deterrent is organisational vigilance, not policing.
Loyalty is the best firewall
Loyalty has become the frontline of cyber defence. A disaffected employee is more dangerous than the most sophisticated malware. The weakest link is no longer the intern clicking on a phishing email, but the person who understands exactly how valuable their access is and how little they feel rewarded for protecting it. Every workforce survey that reports declining engagement should be read not just as an HR problem, but as a line item on the corporate risk register.
Cyber insurance will not cover unhappiness. Policies are already full of exclusions and rising premiums. Insurers know that no technology stack can mitigate a workforce demoralised enough to collaborate with attackers. Governance frameworks that ignore morale should be deemed incomplete. Culture isn’t a nice-to-have; it’s as much a defence mechanism as it is part of your identity.
Hackers understand workforce psychology with frightening clarity. These groups know the leverage points: long hours, flat pay, poor recognition and they weaponise the same frustrations that cause employees to resign or disengage. A darker version of headhunting is now in play. Recruiters poach the best, whereas criminals tempt the rest. Both are competing for your workforce, and both expose the same underlying fragility. If an employee does not feel respected or rewarded, loyalty is likely up for auction.
Beyond quiet quitting
Quiet quitting was the headline of 2022, hybrid work angst filled 2023, and Generative AI anxiety has dominated since then. Insider threats could be the next evolution. Employees are not only questioning why they should go the extra mile. Offers are arriving that encourage them to step out entirely. The question is less about presenteeism and more about existential temptation.
Boards need sharper tools to detect disengagement at every level. C-suite turnover is rising globally, CEO tenure is shortening, and even senior leaders are quietly checking out while collecting their packages. A coasting executive may not be selling passwords, but the effect is still corrosive. Disengagement has many faces. The common thread is the absence of commitment, as culture gaps at any level can compromise resilience.
Surveillance software is a tempting but misguided response. Monitoring keystrokes or flagging suspicious activity may catch a few cases but corrodes trust even further. The smarter approach is to treat employees as stakeholders in security rather than suspects. A loyal employee is less likely to be tempted and more likely to report unusual approaches.
What leaders should do now to strengthen their cyber defences
Start with honesty and do not sugarcoat the details. Employees need to hear directly from leadership that insider threats exist, that approaches will come, and that loyalty is valued enough to make saying no the easiest decision. Acknowledge that criminals are offering life-changing money, but emphasise that a company which looks after its people makes that deal unattractive.
Transparency can build resilience, and silence leaves employees to navigate temptation alone.
Tangible investment in satisfaction must follow any talk about this subject. Pay rises, recognition schemes, clear career paths, and flexible working are not only retention tools but cybersecurity strategies. An employee who feels respected and rewarded is far less likely to compromise the firm. Even small signals matter. A sense of being undervalued creates precisely the resentment criminals exploit. The cheapest breach prevention strategy may be higher payroll costs.
Culture also needs to shift as security should be part of workforce identity, not an afterthought. If you’re not working to make your employees see themselves as guardians, not just staff, you’ve got work to do. Getting this done requires regular dialogue, visible accountability from leadership, and systems that make secure behaviour easy, not a burden. Companies that cultivate pride in protecting the mission will find that insider approaches are not only resisted but actively reported.
The economic context makes all this harder. Firms are cutting costs, automating roles, and preserving margins. Graduate hiring is falling as AI takes on entry-level work. Redundancies and restructurings are eroding loyalty across industries. Against that backdrop, the temptation to treat culture as expendable is strong. Yet in high uncertainty years, culture becomes most valuable. An underpaid and unsettled workforce is a live risk vector beyond being tempted by hackers.
Insider threats are not a side note, they’re increasingly showing up because employees are getting desperate, fed up and disengaged. From a cost/benefit perspective employees have always been expensive in terms of productivity and retention, but now there’s catastrophic potential from the lowest-paid workers. Hackers no longer need to massively outwit encryption, they just need to hold up a mirror and apply enough pressure. Ensuring your staff doesn’t feel overlooked and pennypinched is just step one on a long road. If morale is like HR wallpaper rather than a risk metric, companies will learn the hard way just how easy it is to hack your company, and how the best cyber defence really might be that above cost of living surprise pay rise.
Paul Armstrong is founder of emerging tech advisory, TBD Group, and its intelligence community, TBD+