Rogue Employees— The Enemy Within

Insurance industry reports suggest 80 percent of all cyber liability claims come from employee negligence, including acts by rogue employees.

The largest threat to your company and network comes not from the hackers and crackers on the outside trying to get in but from your own employees who want to cause mischief or who inadvertently cause damage from within.

According to SANS Institute, a nonprofit cybersecurity research organization, disgruntled employees or ex-employees are responsible for two-thirds of all intellectual property theft. Insurance industry reports suggest 80 percent of all cyber liability claims come from employee negligence, including acts by rogue employees. Research by Carnegie Mellon University indicates it takes companies on average a staggering three years to notice an employee is stealing secrets, which gives the perpetrator ample opportunity to cause serious damage.

A determined “rogue employee” can severely harm an employer and inflict substantial damage by:

  • Vandalizing company property
  • Destroying computer files
  • Embezzling money
  • Starting a social media campaign to defame the company
  • Ruining a company’s reputation
  • Shredding important records and documents
  • Reporting the company to the authorities/ regulators
  • Calling emergency services to report suspicious packages to disrupt business
  • Stealing trade secrets (i.e., client information, codes, etc.) and sharing with rivals
  • Causing the company to incur expenses, liability, or fines


There are four basic types of “rogue employees”:

1. Ambitious, resourceful, and independent individuals. These rogue employees stay up all night to find ways around the rules and procedures. They are intelligent, cunning, and motivated and are especially dangerous to an organization because they are so capable and resourceful.

2. Disgruntled employees/revenge seekers. They hold a grudge and wish to harm the organization. When they quit or are fired, they may steal proprietary information and leak it or cause damage to the organization by contacting suppliers, shareholders, authorities, regulators, etc.

3. Negligent employees. These employees disobey rules and protocols. They leave their login IDs and passwords on sticky notes posted to their computer monitor; share sensitive information in e-mails; leave client lists or confidential presentations on whiteboards in meeting rooms; or forget company laptops, phones, or documents on public transportation. Unintentional rogue activities are random and difficult to plan for and, therefore, a greater risk and more common than intentional ones. Particularly alarming is the fact that many exemployees often still have access to confidential data at their previous employer.

4. Employees with secret political affiliations and loyalties. Any employee can have a rogue political affiliation, ranging from a sophisticated art expert employed by the British royal family (Anthony Blunt) to the nice 87-year-old lady next door (Melitta Norwood, inspiration for the film, Red Joan) or women used as honeytraps (Anna Chapman).


What can employers do to prevent or mitigate potential damage from rogue employees?

1. Establish clear written expectations relating to employee departures. Draft policies and incorporate specific terms into employment contracts about the obligations of departing employees (confidentiality; fidelity; mutual trust; return of company property such as office keys, hardware, passwords, etc.); and non-solicitation of employees/customers.

2. Have a clear exit strategy that reflects the employee’s role in the business, the information/ systems he or she has access to, and whether that access has been permanently severed. It may be appropriate to restrict or change employees’ duties when they are leaving—for example, allocate them more administrative tasks with limited access to useful confidential information they might use at their next employer. It may be appropriate to place the employee on paid “garden leave,” especially when the disgruntled employee could be disruptive in the workplace or jeopardize customer relationships. If the business has any concerns about the potential actions of a departing employee during his or her notice period, invoking the Payment in Lieu of Notice clause (PILON) would be the preferred option to terminate the relationship immediately and protect the business. Prevention is better than cure—it is easier and more cost effective for employers to prevent damage or loss by ensuring their employment contracts contain the provisions they can rely on to manage the exit effectively.

The appropriate steps to take will vary depending on each employee and the scenario.

3. Examine company computers, mobile phones, and e-mail accounts to find evidence of improper conduct when the employee has departed under dubious circumstances, and work with IT providers to secure data and prevent data theft or sabotage. Employers should ensure they have policies in place giving them the right to monitor and examine the use of the company’s electronic equipment.

4. Keep in mind that lawsuits involving employees gone rogue frequently lack evidence. Prior to engaging in expensive and protracted lawsuits, employers should gather evidence proving the unlawful conduct and the harm caused to the business.

5. Act swiftly if you discover a departed employee has retained confidential information or company property. This will help ensure you do not waive your legal rights and to limit the potential damage. Time is of the essence.

Dr. Dexter Morse, LL.M, MSC, is director of Industry Risk Management & Insurance at International Air Transport Association (IATA) ( He has extensive global experience, is a regular speaker at conferences, and is the author of articles on diverse topics.