A Chilling Case Study: The Cost of Insider Cyber Crime
- Jonathan Fischer
- Feb 5, 2024
Updated: Jun 11, 2024

In 2014, Morrisons, one of the UK's largest supermarket chains, fell victim to an insider cybersecurity threat that caused financial damage and severely impacted the company's reputation. This incident stands as a stark reminder of the potential harm insiders can inflict on an organization, regardless of its size or the robustness of its external cybersecurity measures.
An Unexpected Threat
The insider threat at Morrisons came from an unexpected source—an employee with legitimate access to sensitive information. Andrew Skelton, a senior internal auditor at Morrisons, harbored a grudge against the company due to a disciplinary incident. In retaliation, Skelton leaked the personal details of nearly 100,000 Morrisons employees.
This data included names, addresses, bank account details, and salaries. Skelton posted this information to data-sharing websites and sent it to newspapers, exposing employees to identity theft and financial fraud.
The Aftermath
The repercussions for Morrisons were severe:
Financial Losses:
Reputational Damage:
Legal and Regulatory Implications: Morrisons faced legal challenges, including a landmark ruling where the High Court held that the company was vicariously liable for the actions of its employee, although this decision was later overturned by the Supreme Court.
Lessons Learned
The Morrisons incident highlights several critical lessons for other organizations:
Insider Threat Awareness: Companies must recognize that threats can come from within and take steps to mitigate these risks through regular security audits and employee monitoring.
Access Control and Monitoring: Limiting access to sensitive information based on the principle of least privilege and implementing robust monitoring systems can help detect unusual behavior patterns that may indicate malicious intent.
Employee Relations and Management: Addressing employee grievances promptly and effectively can help prevent disgruntlement that could escalate into malicious actions.
Cybersecurity Culture: Building a strong cybersecurity culture that includes training and awareness for all employees can reduce the risk of insider threats.
Action Items
The Morrisons case serves as a critical example of the increasing dangers of insider threats in cybersecurity. It underscores the need for comprehensive security measures that go beyond traditional perimeter defenses to include insider threat detection and mitigation strategies. By learning from incidents like these, organizations can better protect themselves against the potentially devastating effects of insider cybersecurity breaches.
That's why CyberZek’s Global Insider Threat Manager (GITM) manages insider threats by creating a dynamic map of all role-based access controls and using an AI behavior profiler to detect unusual and potentially dangerous behavior.
This empowers organizations to quickly detect and mitigate malicious acts from employees in a universal, standardized manner that does not lead to anyone being ‘singled out’ until they behave in a way that invites further scrutiny.
Learn more about GITM at https://www.cyberzek.com/.