For those charged with protecting company assets, a couple of recent news items raised red flags about dishonest insiders.
First, were results from the latest Hiscox Embezzlement Study, “An Insider’s View of Employee Theft,” which found the average case lasts over two years and causes loss in excess of $350,000. The latest survey didn’t slice the data by industry, but previous years’ studies showed that while retailers are less likely to be a victim of insider embezzlement than companies in many other industries, retailer suffer financial harm nearly double the overall average.
The Hiscox survey report provided an example: “An employee of a high-end New York department store recruited other sales associates to make purchases on store computers using stolen credit card information. They then sold the designer goods on the black market. The group got away with $430,000 in fraudulent purchases before the scheme was discovered.”
The next disturbing news item was a survey in August of workplace behavior conducted at the Blackhat USA 2019 conference. Gurucul, a behavior-based security and fraud analytics technology company, surveyed 476 IT security professionals at the show and learned:
- 24% would take company information to help apply for a role at a competitor.
- 44% spend at least one hour per day on non-work web sites, including 32% of those in retail.
The studies underscore the risk from dishonest insiders, with which LP leaders are well acquainted. To maximize efforts to combat cheating employees, however, it’s worth considering an important discovery by social scientists who have examined insider schemes and unethical workplace behaviors—the “two-person rule” isn’t always enough.
A “two-person rule” calls for two authorized persons to be present and in a position from which they can positively detect incorrect or unauthorized behavior with respect to a task or operation being performed. So, for example, a security policy might require two persons to be present when uncontrolled access to funds could provide opportunity for diversion by falsification of accounts. Or when uncontrolled delivery or receipt for materials could provide opportunity for pilferage through “short” deliveries and false receipts.
Having two people present in such cases certainly helps prevent dishonest behavior, but the basic premise—that two dishonest employees are less likely than just one—isn’t ironclad (“Cheating More When the Spoils are Split,” Organizational Behavior and Human Decision Processes).
It’s not uncommon that an individual’s dishonest behavior might benefit others. Athletes who cheat by using performance enhancing drugs boost their careers, certainly, but they probably also help their team’s performance. And remember Bernie Madoff? His Ponzi scheme ultimately caused harm, but—for a time—he could ease his guilt by telling himself that others were getting rich off the scheme as well.
The question the research study asked was this: How do these third-party benefits of cheating influence whether an individual is likely to cheat? One experiment examined whether participants cheat more to gain money when the additional money is split between themselves and another person than when they alone enjoy the spoils. Another tested how incidence of cheating might change depending on how spoils are divided.
The results of the experiments don’t repudiate the value of the two-person rule, but they do offer LP executives a good reminder that unethical behavior is a complicated psychological issue, something that can’t be eradicated with simple oversight. “Self-interest clearly motivates people to behave unethically,” said the researchers. “However, the studies here indicate that people may actually be more likely to behave unethically when they do not capture all of the benefits that the unethical behavior yields.”
The reasoning is straightforward. Most people have a need to see themselves as moral, which places a limit in how unethically people behave in order to maintain that view. “When we can rationalize that our unethical behavior benefits others as well, we may be able to simultaneously act unethically and preserve our positive view of ourselves.”
The above study is not the only one to observe the phenomenon. In recent experiments with college and graduate students, researchers discovered similar results (“Self-serving Altruism? The Lure of Unethical Actions That Benefit Others,” Journal of Economic Behavior & Organization). “The results show that whenever cheating benefits other people, dishonesty increases, and that this increase is influenced by the number of people who stand to benefit from one’s own unethical actions. The more people can benefit from an individual’s unethical actions, the greater the cheating. This result is consistent with our predictions and suggests that the presence of other beneficiaries facilitates dishonest behavior.”
The lesson is not only relevant to insider theft. Indeed, research suggests that “minor” unethical behavior—such as cheating customers to improve sales and boost the company’s bottom line—is the most likely to be influenced by a justification of “benefiting others.” Not recording security lapses, failure to report safety violations, inflated job performance evaluations are other examples. Broadly speaking, the results suggests that security directors concerned with ethical staff behavior should examine dishonesty not only at the individual level but also at the group level, where employees can influence one another through both their ethical and unethical behavior.
Finally, an additional set of experiments suggests that cheating, lying, and stealing should be of greatest concern in competitive workplace environments (“Sloppy Work, Lies, and Theft: A Novel Experimental Design to Study Counterproductive Behavior,” Journal of Economic Behavior & Organization). Productivity is highest under competition, but so too are counterproductive workplace behaviors (CWBs), said researchers. CWBs are voluntary acts that are detrimental to the organization, such as employee theft, lies, slow and sloppy performance, sabotage, tardiness, and absenteeism.