Risk Management and Insider Threats Mitigation in a Digital Environment: An Empirical Study

by Olukayode Sorunke

Published: February 14, 2026 • DOI: 10.47772/IJRISS.2026.10100502

Abstract

Insider threats remain one of the most persistent and damaging risks to organizational information security, largely because trusted access, human behavior, and governance weaknesses allow them to bypass traditional perimeter-based controls. As organizations increasingly adopt digital transformation, cloud computing, and remote work arrangements, the scale and complexity of insider threats continue to grow. This study empirically examines the role of enterprise risk management (ERM) in enhancing the effectiveness of insider threat mitigation by integrating governance, technical, and human-centric controls.
Using a quantitative, cross-sectional research design, data were collected from 210 cybersecurity, risk management, audit, and compliance professionals across multiple industries in North America and Europe. The study employs descriptive statistics, correlation analysis, hierarchical multiple regression, and moderation analysis to evaluate the relationships among ERM maturity, access control enforcement, monitoring and analytics capability, security awareness training, and insider threat mitigation effectiveness.
The results indicate that ERM maturity is a significant predictor of insider threat mitigation effectiveness, accounting for a substantial proportion of the variance in organizational outcomes. Furthermore, access controls, continuous monitoring, and security awareness independently contribute to improved mitigation effectiveness. Importantly, interaction effects reveal that security awareness training positively moderates the effectiveness of technical controls, demonstrating a complementary relationship between human-centric and technical measures.