【MIS Quarterly】Insider threats in a financial institution: analysis of attack-proneness

Authors: Wang, Jingguo; Gupta, Manish; and Raj, Raghav
Published: 2015
Journal: MIS Quarterly

Abstract: This study investigates the risk of insider threats associated with different applications within a financial institution. Extending routine activity theory (RAT) from criminology literature to information systems security, hypotheses regarding how application characteristics, namely value, inertia, visibility, accessibility, and guardians, cause applications to be exposed to insider threats are developed. Routine activity theory is synthesized with survival modeling, specifically a Weibull hazard model, and users’ system access behavior is investigated using seven months of field data from the institution. The inter-arrival times of two successive unauthorized access attempts on an application are employed as the measurement of risk. For a robustness check, the daily number of unauthorized attempts experienced by an application as an alternative measurement of risk is introduced and a zero-inflated Poisson-Gamma model is developed. The Markov chain Monte Carlo (MCMC) method is used for model estimations. The results of the study support the empirical application of routine activity theory in understanding insider threats, and provide a picture of how different applications have different levels of exposure to such threats. Theoretical and practical implications for risk management regarding insider threats are discussed. This study is among the first that uses behavioral logs to investigate victimization risk and attack proneness associated with information assets.

