<p>Insider threat is one of the main issues faced by
organizations as information systems become inherent to the success and
competitiveness of businesses in contemporary environments. However, there is
insufficient understanding of the phenomenon of insider threat by information
security managers responsible for ensuring the availability, confidentiality,
and integrity of data and information systems. Therefore, it is crucial to
address issues related to insider threat. The focus of this phenomenological qualitative
research was on the lived experiences of information security managers’ perceptions,
understanding, and how they employ mechanisms to reduce cyber-crimes
perpetrated in U.S. East Coast organizations. The research questions examined
how information technology (IT) managers experienced and understood insider
threats and how their experiences and understanding shaped their behavior to
curb insider threat. The social control theory was useful for the purpose of
explaining the reasons why individuals with legitimate access could decide to
exploit vulnerabilities in the critical assets of businesses. Twelve
participants, all IT security managers, selected through purposive sampling for
semi-structured one-to-one interview, took part in the study. Findings from the
study indicated that malicious insider threats pose a growing risk to
organizations and inadvertent insider threats were more common but less
damaging than malicious insider threats. Further, insider threats were
associated with disgruntled employees who committed sabotage or theft to meet
financial needs and revenge. Experience and understanding of insider threats
influenced IT managers to advocate for the implementation of training to raise
awareness of security policies to deter insider threats. Based on the findings,
IT security managers should use technical and administrative approaches to
prevent, detect, and monitor systems to control insider threats.</p>