Abstract
Insider threats pose significant challenges for organizations, causing severe financial and reputational damage. This study aims to develop a tool for measuring human, technical, and organizational factors contributing to insider threat risk levels in Malaysia’s information and communications technology (ICT) sectors. We examined 40 items across these factors, validated by experts for content and criterion validity. We conducted a pre-test, adjusted based on expert feed-back, and conducted a pilot study with 110 respondents from government agencies, ICT companies, and public tertiary institutions in Malaysia. Using IBM Statistical Package for Social Sciences, version 25.0, we performed exploratory fac-tor analysis and tested the data with Bartlett’s Test of Sphericity and Kaiser-Meyer-Olkin sampling adequacy tests. Cronbach’s alpha assessed item reliability. The EFA grouped fifteen human factor items into three components: per-sonal problems, negative personality traits, and inadequate security training. Four technical factor items formed one component, while fifteen organizational factor items split into issues with organizational practice, inadequate risk man-agement, and ineffective management systems. Six insider threat risk level items formed a single component. Bartlett’s Test of Sphericity was highly significant (Sig. < 0.001), and KMO values for all constructs exceeded 0.7, indicating ex-cellent sampling adequacy. The overall Cronbach’s alpha value for 40 items was 0.97, confirming the instrument's con-sistency and stability. These findings provide a reliable tool for predicting insider threat risk levels in Malaysia’s ICT sectors, useful for researchers and practitioners alike.
Keywords: Cyber Security, Exploratory Factor Analysis, Insider Threat, ICT, Multidimensional.