The dangers of the insider threat to security have once again been put in the spotlight, following the revelation that close to 2,000 artefacts have been stolen from the British Museum by a serving member of staff.
Some of the artefacts reportedly date back more than two millennia, and include gold jewellery and gems. The majority of items were kept in a storeroom and weren’t on public display.
While values for the items are thought to be worth millions of pounds, commentators have also pointed to the long-term reputational damage to one of the UK’s largest tourist attractions.
The museum has admitted that the artefacts taken are considered to be “missing, stolen and damaged”.
An independent security review has been set up, to be led by Nigel Boardman, a former trustee of the museum, and Lucy D’Orsi, the Chief Constable of the British Transport Police. The review is expected to make “recommendations on future security arrangements”.
Reports indicate that a member of staff within the museum is to blame, having been able to remove artefacts from the collection without detection – many may not have been properly catalogued on a digital database.
Peter Higgs, an expert in antiquities at the museum, has since been sacked and is under investigation, though no arrests have been made. He has denied any wrongdoing.
A former member of staff has since spoken to The Independent, claiming that the British Museum “really does need to review its security policy”.
The spokesperson pointed towards “spotty” cataloguing, a lack of monitoring of stores and accountability of access control.
They also highlighted the low pay levels for staff.
Several of these issues raised point towards key motivations for insider threat actors. Low pay is likely to result in disgruntled employees, while poor security processes and accountability increase the risk of staff members believing a malicious act is possible without reprimand.
The UK’s National Protective Security Authority (NPSA), formerly known as CPNI, provides advice on the matter and has developed a Personnel Security Maturity Model.
Additional research into what motivates the insider threat found several reasons, though financial gain is thought to be the clear factor behind 47% of cases.
