image: Emmanuel Anti
Credit: Photo: University of Vaasa
While most organisations address cybersecurity issues with technology and surveillance, Emmanuel Anti’s research argues that empathy may be a more effective defence. His doctoral dissertation at the University of Vaasa explores insider deviance, and how understanding the human elements related to it can lead to stronger, more sustainable cybersecurity practices.
Insider threats and deviance occur when employees, contractors or former staff misuse their access to an organisation’s systems – either deliberately or by accident. Emmanuel Anti’s research in information systems science sheds light on the human side of these incidents, showing that fear, stress, culture, morality and ethics, and emotional strain can all contribute to deviant digital behaviours.
– People do not always plan to break the rules. Unintentional acts like sending confidential emails to the wrong person or falling victim to a phishing attack may arise from the same root causes, such as stress, pressure and an unsupportive work culture, Anti explains.
Some employees also display so-called “deviant creativity” – finding clever and novel ways to bypass security restrictions. Using insider knowledge in clever but risky ways can expose the organisation to cybersecurity threats. For instance, an employee might email sensitive files to their personal account to save time and finish work off-site, knowing the system won’t flag unclassified data or block personal addresses.
– When security systems and policies are too rigid, employees create workarounds. To strengthen compliance and security culture, organisations must first understand what motivates people to bypass the rules, Anti says.
Technology alone cannot solve insider risks
Traditionally, organisations have relied on technological tools to manage insider threats, but Anti argues this approach fails by ignoring the human element. Today’s tools, including AI systems used to monitor employees, can misread work quality, rewarding speed over care and branding thoughtful, careful workers as inefficient. Over time, this can create frustration, strain, and mistrust.
– Rather than preventing insider threats, these tools can help cause them. Insider deviance becomes a reaction to emotional, contextual, and environmental pressures, Anti warns.
His dissertation proposes an alternative: an empathetic security model grounded in design thinking. This approach encourages organisations to co-create cybersecurity policies with employees, focusing on understanding their needs, motivations and emotional well-being.
– Empathy builds trust. When employees feel understood, they are more likely to report mistakes instead of hiding them, and to follow security rules because they helped create them, Anti concludes.
Dissertation
Anti, Emmanuel (2025). Insider Deviant Behavior in Cybersecurity. Acta Wasaensia 570. Doctoral dissertation. University of Vaasa.
Public defence
The public examination of M.Sc. Emmanuel Anti’s doctoral dissertation ”Insider Deviant Behavior in Cybersecurity”will be held on Tuesday 2 December 2025 at 12 (UTC+2) at the University of Vaasa, auditorium Kurten.
It is possible to participate in the defence also online: https://uwasa.zoom.us/j/68520234877?pwd=XXoMegtobfMbKLt8nBdcXO9qrLpXI7.1
Password: 067919
Associate Professor Wael Soliman (University of Adger) will act as opponent and Professor Tero Vartiainen as custos.
Further information
Emmanuel Anti was born in 1985 in Ghana. He completed a Master’s degree in Economics in Service Innovation and Management: Information Systems, and a Master’s degree in Engineering in Full Stack Software Development. He currently works as a Project Researcher at the University of Vaasa.