Exploring knowledge leakage risk in knowledge-intensive organisations: behavioural aspects and key controls

Abstract

Knowledge leakage poses a critical risk to the competitiveness advantages of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known in relation to the key factors of individual-level leaking behaviour. Therefore, the aim of this thesis was to explore security practitioners’ perspectives on the key enablers and inhibitors of behavioural knowledge leakage risk in the context of knowledge-intensive organisations. An exploratory, qualitative design was used to carry out the study. Moreover, seven security practitioners working in Australian organisations were recruited to participate in this research. The data were collected using semi-structured questions via two focus group discussions. The discussion sessions lasted between 90 and 120 minutes, including a 10-minute break. The sessions were audio recorded, transcribed, and thematically analysed following Braun and Clarke’s (2006) strategy. Furthermore, two main trends emerged from the analysed data. First, ‘interpersonal enabling factors’ included leaking behaviours and employees’ personality’ traits. Second, contributing ‘organisational practices around knowledge leakage mitigation’ included poor knowledge sensitivity classification systems and poor knowledge security management practices. In conclusion, it is essential that security practitioners address the key identified factors of behavioural leakage risk to mitigate the leaking incidents effectively. Three key security practices that were found to have a superior impact in mitigating leaking enablers included human resource management practices, knowledge security training and awareness practices, and compartmentalisation.