AbstractThis paper sets out 99 case studies of insider attacks that took place in the UK. The study involved interviewing investigators, heads of security, information technologists, law enforcement, security officers, human resource managers, line managers, and coworkers who knew the insider. The analysis elucidates how to identify insiders and pathways to these attacks. It also highlights examples of archetypal insiders, in addition to the ‘disgruntled employee’ (e.g., ‘the show off’, ‘the career criminal’, ‘the addict’, etc.). In contrast to other studies, this study highlights multiple pathways to an attack. A conceptual model is set out that considers indicators (both physical and cyber) that might be monitored in an insider risk detection programme. The model stressors need to continuously seek out methods to close down opportunities as well as to monitor behavioural change. It also elucidates potential deterrence and prevention strategies for organisations to consider in an ethical and legal manner.