Insider Misconduct
Data breaches caused by insider misconduct, such as the unauthorized removal of trade secrets or customer data and their disclosure to external parties, occur frequently within organizations. The main motivations include financial gain (e.g., selling information to rival companies), career advantages (e.g., leveraging information to negotiate better terms when changing jobs), and personal grievances in the workplace. Additionally, there have been cases where company-issued computers, external media, or documents containing sensitive information were taken home in violation of information management regulations, resulting in unauthorized disclosure due to misplacement or loss.
Unauthorized disclosures caused by insider misconduct not only damage public trust in an organization but also result in economic losses due to operational disruptions, recovery efforts, and compensation to affected customers. These consequences can lead to a decline in business performance and ultimately threaten the very foundation of organizational management.
Furthermore, knowingly using trade secrets improperly acquired and brought into one’s organization from an external source constitutes a violation of Japan’s Unfair Competition Prevention Act. Such acts may be subject to injunctions or claims for damages, and in serious cases, criminal penalties may also apply.
At a certain education-related company in Japan, an engineer from one of its group companies improperly acquired and sold personal information on approximately 35 million customers to a list broker, resulting in a major data breach. The company recorded extraordinary losses exceeding 20 billion yen, including customer compensation, leading to a net loss. Additionally, in one local government, an employee took home personal information on hundreds of thousands of citizens without authorization, intending to use it as reference material for work, leading to a serious data breach. The employee was subsequently dismissed as a disciplinary measure. Insider-related data breaches are often difficult to detect and, once discovered, can cause significant damage to an organization.
The Information-technology Promotion Agency, Japan (IPA) has published the Guidelines for the Prevention of Internal Improprieties in Organizations, which outlines the following five basic policies:
- ① Make crimes difficult (make it harder to commit misconduct): Implement robust countermeasures to make it harder for individuals to engage in criminal activities.
- ② Increase the risk of detection (ensure misconduct is discovered): Strengthen management and monitoring systems to increase the likelihood of detecting misconduct.
- ③ Reduce rewards from misconduct (so that it is no longer worth committing): Prevent offenses by removing or concealing targets or making it difficult to gain benefits.
- ④ Reduce motivations for misconduct (making it less enticing): Prevent offenses by reducing the motivation to commit them.
- ⑤ Eliminate justification for misconduct: Eliminate the justifications that criminals use to justify their actions.
Compliance with management rules regarding personal devices and external media is essential. Equally important are mechanisms and safeguards that prevent trade secrets from being easily monetized, even if they are improperly removed from the organization.
Information-technology Promotion Agency, Japan (IPA), IT Security Center.
The Top 10 Information Security Threats (in Japanese)
Guidelines for the Prevention of Internal Improprieties in Organizations (in Japanese)
- *This article was translated from the Japanese version of the article published on September 10, 2025.