The ‘emotional insider’: How subjective reality shapes security risks

We all experience stories differently – whether it’s a book adapted for the screen or a simple text message that lands the wrong way. Our emotions, biases, and personal contexts shape the way we interpret the world around us. But what happens when this subjectivity is exploited? In an era of increasing digital communication and emotional isolation, the risks of manipulation and insider threats grow.

Following Cifas’ Insider Threat Week, we caught up with one of our guest speakers, UK Finance’s Paul Maskall, to explore how emotional security isn’t just about improving workplace culture – it’s a fundamental pillar of organisational resilience and cyber defence.

Have you ever loved a book that has been adapted for film or TV? If so, did you agree with the casting direction of one or more of the characters? Perhaps even criticise the interpretation of the story or a relationship? Often, you just need to peruse a comment section of any new adaptation announcement to know that it is rarely agreed with, and people can have wildly different interpretations of a story or a character. I concede that the toxicity of comment sections of any social media post are shaky grounds for any evidence-based observations, but it doesn’t make it any less true.

The author can be the most evocative and descriptive writer on the planet, but they can only really give you a framework for you to fill in. Reading, by its nature is subjective – you project your thoughts, emotions, context and even biases on to the framework that the author creates. You fundamentally provide the interpretation. Is this really any different to how we communicate online?

Through messaging platforms, phone calls, emails, on or offline content and social media, this projection extends to everything we do. Rampantly, subjectively and emotionally interpreting communication, often in isolation of environmental and intuitive cues. Just like that text message from your partner you took the wrong way because you are stressed and distracted at work. The more polarised the emotion that I add to the concoction, the more distorted you get from reality.

With all of this in mind, what happens when someone reaches out and engages with the intention to manipulate? Whether through deception and impersonation, or an offer of something valuable in return for an action against an organisation. Just like any element of social engineering, emotion and context matters.

I could approach a thousand people, on or offline, and statistically I will come across someone with the ‘right’ vulnerability in that moment. Someone who matches the flavour of manipulation I chose to employ as a criminal. This could be isolation, loneliness, financial stress, depression, fear or anger, the list is endless. Just like the characters in books, we often fill in the gaps and project what we want to believe as opposed to reality.

Even in the absence of external manipulation, humans are incredibly good at creating our own story and rationalising our behaviour, especially in real or perceived isolation. The quality of line management, culture, policy and security all provide the environment to either grow or mitigate this. If the emotional wellbeing element is left unchecked – on one end of the spectrum you may have employee disengagement, but at the other, you could have an insider. One that has had the time to be able to rationalise their actions.

The crux of the issue is that we are simultaneously more connected, yet more isolated. Mental health is a growing issue, and it is about recognising that we need a new dimension to our best practice: emotional security. Understanding that our emotional wellbeing is absolutely critical to our overall organisational resilience, not just from performance perspective, but a security one.

Through Cifas’ Insider Threat Protect solution, organisations can access the Insider Threat Database to help them screen employees and mitigate risks before they arise. Additionally, for those who want to upskill in insider fraud prevention, Cifas Fraud and Cyber Academy courses and the Digital Learning programme can empower and equip workforces to identify and report threats at the earliest opportunity.

Join Paul Maskall and other experts for UK Finance’s ‘Key Conversation: Fraud’ event on 2 June, 12pm-6pm. The afternoon of discussion will centre on money mules and criminal recruitment tactics, the role of AI in fraud prevention, cyber fraud. Register: ukfinance.org.uk/events-training/key-conversation-fraud-2025