Fraud detection: the behavioural signs that expose insider threats

Feature | 11 June 2025

Fraud detection begins before the act, with perpetrators exhibiting early behavioural and linguistic signals that can reveal deceptive behaviour

Fraud is on the rise in Australia, with insider threats posing a growing risk to businesses. A recent report led by Docusign and Entrst says 61% of organisations are experiencing more frequent incidents of fraud, while the 2023 LexisNexis True Cost of Fraud Study – Asia Pacific report shows 66% of Australian businesses have reported a rise in fraud over the past year. For every dollar lost, businesses incur an average total cost of $3.68, factoring in recovery, legal, and operational expenses.

With fraud on the rise, the ability for organisations to detect insider threats early is more critical than ever.

Every fraudster carries an involuntary informant: their own body, according to Julian Claxton, Managing Director of Jayde Consulting. Speaking at the Protective Security Summit NSW held at UNSW Sydney, co-hosted with the Australian Security Research Centre and Risk 2 Solution, Mr Claxton urged security managers to pay closer attention to human behaviour, specifically the involuntary signs that may signal deception before any wrongdoing occurs.

Julian Claxton, Managing Director of Jayde Consulting.jpeg — Julian Claxton said that deception triggers an automatic response in the brain, often long before a person acts or commits the fraud. Photo: Supplied

“Fundamentally, the body gives you away regardless of what you’re thinking. Every mistake you make, every lie you tell, follows a predictable pattern,” Mr Claxton explained. “The brain will give you away before the act itself, and it might justify the behaviour in the way you're thinking. And you might think ‘I can suppress this, I can control this,’ but your body and the actions through your body will always give you away.”

In a session titled “The Involuntary Informant: Human Behaviour as a Window into Insider Threats,” Mr Claxton outlined key behavioural insights to help security managers and their organisations better spot incidents of fraud before major damage is done.

Understanding how the brain gives us away

So how does the body give insider informants away? Mr Claxton explained that deception triggers an automatic response in the brain, often long before a person acts or commits the fraud. Specifically, he likened parts of the brain to an executive team responding to a threat.

First, the amygdala, acting as the brain’s chief security officer, senses danger and triggers emotional responses like fear. Next, the hypothalamus, or the chief operating officer, prepares the body by releasing adrenaline and cortisol. Meanwhile, the hippocampus, chief data officer, scans past memories to assess risk based on previous experiences. Finally, the prefrontal cortex, the brain’s chief executive officer, weighs up the consequences and decides what to do next. “You're consciously thinking about, should I or shouldn’t I? But your brain has already started processing the response, it's already started the physiological and chemical process to determine how you will handle the next steps,” Mr Claxton said.

Learn more: Inside the mind of employee fraudsters: why they cross the line

In high-stakes moments – including insider fraud – this internal “battlefield” floods the body with stress signals, many of which leak out involuntarily. “It’s the battlefield between all of these emotions,” he continued. “And when deception is involved, the amygdala often drives the initial response before the conscious brain can intervene. Cortisol, that stress hormone, spikes under the pressures of deception. It’s trying to maintain awareness, kick you in tip-top shape so you can hide the deception.”

Watch out for these physical and verbal red flags

One of the most telling physical or visual signs of an insider threat may come from a person’s micro-expressions – tiny, involuntary facial reactions that often reveal our true emotions. Security managers and leaders should therefore learn to spot these little windows of fear, disgust, sadness, or anger, as they often surface when someone is contemplating or covering up wrongdoing.

“Micro-expressions are the leaking of emotion, one of those seven emotions we mentioned earlier, through the face. It's a muscle contraction that takes, in most instances, about 1/25 of a second. And it's very, very revealing. You cannot control it,” Mr Claxton explained. “There is a tremendous amount of research on micro-expressions, particularly based on the extensive work of Dr Paul Ekman and others. If you learn how to identify them, that can be quite valuable."

In addition to body language, Mr Claxton said that linguistic cues are a goldmine for detecting deception in the workplace. Some of the most common verbal signs to watch out for include:

Hesitating longer than 1.5 seconds before answering.
Providing unnecessary or irrelevant information.
Becoming overly defensive, even when not directly accused.
Trying too hard to seem trustworthy (also known as “impression management”).

Photo gallery: The Protective Security Summit NSW 2025, hosted at UNSW Sydney

Mr Claxton gave an example of impression management: “You might say to the boss, hang on a sec, what are you inferring? I've been with this company for 22 years. I've been a loyal employee. I've done nothing wrong. I'm nothing but a good person. I'm a member of the scouts. I contribute. I give money to charity etc,” he said.

These shifts in speaking and tone of voice could potentially reveal internal cognitive stress, which is the brain scrambling to maintain deception under pressure.

Focus on baseline behaviour and notice shifts

One of Mr Claxton’s most important takeaways is not to judge these behaviours in isolation. Instead, try to focus on understanding each person's baseline behaviour – how they usually speak, act, and react – and then look for significant shifts in their behaviour. “Just because somebody stutters or hesitates doesn’t mean they’re guilty. They might actually stutter or hesitate as standard general behaviour,” he said.

Instead, detection depends on observing clusters of unusual actions, and shifts in tone, body language, or communication style compared to their normal self. “Understand what a person's baseline looks like... and look for a shift from that baseline,” Mr Claxton said. “You might start to see subtle shifts in people's behaviour, they might start squirming a little bit. They might suddenly be particularly rigid when following rules when previously they weren't.”

This helps avoid false positives while still identifying genuine warning signs of insider risk.

Build a culture of early detection

Finally, it’s important to recognise that insider threat behaviour often emerges early, sometimes even before a crime is committed. This early detection is especially valuable for security managers to identify and address potential risks proactively.

Subscribe to BusinessThink for the latest research, analysis and insights from UNSW Business School

Mr Claxton referenced espionage studies that track insider behaviour across several stages: planning, opportunity seeking, action, concealment, and escape. “It talks about indicators at every stage, from the concept, thinking about what you're going to do, planning what you're going to do, then seeing and identifying the opportunity, doing it, concealing it, and then the consumption of the escape. At every stage, you're going to see some of these indicators.”

In other words, fraudulent intent is often detectable long before it turns into a serious breach. “The moment a person starts seriously thinking about stealing a file or committing fraud, their body is already betraying them," Mr Claxton reiterated. “Deception will set up a neurochemical response, and it slips past conscious control. There is nothing you can do to control those physiological outputs at the time that they occur,” he said. “What the mind conceals, the body reveals.”

He urged organisations to train staff in reading behavioural clues and building a culture of early detection. “Learn it yourself. Teach amongst your employment, your employee base, how to recognise those indicators so that you can stop the threat before the threat stops you," Mr Claxton said.

Recognising these early signs can empower organisations to intervene early, protecting assets, reputation, and safety. “You don’t have to be an expert to know something isn’t right – trust your gut instinct as a clue to look a bit closer than jump to conclusions.”

Security Psychology Data Corporate Governance Behaviour Risk Ethics

Republish this article

Republish

You are free to republish this article both online and in print. We ask that you follow some simple guidelines.

Please do not edit the piece, ensure that you attribute the author, their institute, and mention that the article was originally published on Business Think.

By copying the HTML below, you will be adhering to all our guidelines.

Press Ctrl-C to copy

<h1>Fraud detection: the behavioural signs that expose insider threats</h1>

<figure><img src="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/d19a033e-aaa9-4961-95fc-1245da0b631c/Why%20organisations%20must%20focus%20on%20early%20detection%20of%20insider%20threats.jpeg?w=1320" alt="Learn how to detect fraud early using involuntary human behaviour cues like stress reactions, speech patterns and facial expressions" /><figcaption>Learn how to detect fraud early using involuntary human behaviour cues like stress reactions, speech patterns and facial expressions</figcaption></figure>
                                    <p>Fraud is on the rise in Australia, with insider threats posing a growing risk to businesses. A recent <a href="https://www.docusign.com/en-au/resources/whitepapers/the-future-of-global-identity-verification" data-new-window="true" target="_blank" rel="noopener noreferrer">report led by Docusign and Entrst</a> says 61% of organisations are experiencing more frequent incidents of fraud, while the <a href="https://risk.lexisnexis.com/global/en/insights-resources/research/apac-true-cost-of-fraud-study" data-new-window="true" target="_blank" rel="noopener noreferrer">2023 LexisNexis True Cost of Fraud Study – Asia Pacific</a> report shows 66% of Australian businesses have reported a rise in fraud over the past year. For every dollar lost, businesses incur an average total cost of $3.68, factoring in recovery, legal, and operational expenses. </p>
<p>With fraud on the rise, the ability for organisations to detect insider threats early is more critical than ever. </p>
<p>Every fraudster carries an involuntary informant: their own body, according to Julian Claxton, Managing Director of Jayde Consulting. Speaking at the Protective Security Summit NSW held at UNSW Sydney, co-hosted with the Australian Security Research Centre and Risk 2 Solution, Mr Claxton urged security managers to pay closer attention to human behaviour, specifically the involuntary signs that may signal deception before any wrongdoing occurs. </p>
<figure class="figure"><img src="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/de16c587-90aa-4088-91ef-da4362dddfa4/Julian%20Claxton%2C%20Managing%20Director%20of%20Jayde%20Consulting.jpeg" class="figure-img" alt="Julian Claxton, Managing Director of Jayde Consulting.jpeg"><figcaption class="figure-caption">Julian Claxton said that deception triggers an automatic response in the brain, often long before a person acts or commits the fraud. Photo: Supplied</figcaption></figure>
<p>“Fundamentally, the body gives you away regardless of what you’re thinking. Every mistake you make, every lie you tell, follows a predictable pattern,” Mr Claxton explained. “The brain will give you away before the act itself, and it might justify the behaviour in the way you're thinking. And you might think ‘I can suppress this, I can control this,’ but your body and the actions through your body will always give you away.”</p>
<p>In a session titled “The Involuntary Informant: Human Behaviour as a Window into Insider Threats,” Mr Claxton outlined key behavioural insights to help security managers and their organisations better spot incidents of fraud <em>before</em> major damage is done. </p>
<h2><strong>Understanding how the brain gives us away </strong></h2>
<p>So how does the body give insider informants away? Mr Claxton explained that deception triggers an automatic response in the brain, often long before a person acts or commits the fraud. Specifically, he likened parts of the brain to an executive team responding to a threat. </p>
<p>First, the amygdala, acting as the brain’s chief security officer, senses danger and triggers emotional responses like fear. Next, the hypothalamus, or the chief operating officer, prepares the body by releasing adrenaline and cortisol. Meanwhile, the hippocampus, chief data officer, scans past memories to assess risk based on previous experiences. Finally, the prefrontal cortex, the brain’s chief executive officer, weighs up the consequences and decides what to do next. “You're consciously thinking about, should I or shouldn’t I? But your brain has already started processing the response, it's already started the physiological and chemical process to determine how you will handle the next steps,” Mr Claxton said. </p>
<p><a class="o-btn o-btn--primary" href="https://www.businessthink.unsw.edu.au/articles/employee-fraud-motivations-and-prevention-strategies" target="_self">Learn more: Inside the mind of employee fraudsters: why they cross the line</a></p>
<p>In high-stakes moments – including insider fraud – this internal “battlefield” floods the body with stress signals, many of which leak out involuntarily. “It’s the battlefield between all of these emotions,” he continued. “And when deception is involved, the amygdala often drives the initial response before the conscious brain can intervene. Cortisol, that stress hormone, spikes under the pressures of deception. It’s trying to maintain awareness, kick you in tip-top shape so you can hide the deception.” </p>
<h2><strong>Watch out for these physical and verbal red flags </strong></h2>
<p>One of the most telling physical or visual signs of an insider threat may come from a person’s micro-expressions – tiny, involuntary facial reactions that often reveal our true emotions. Security managers and leaders should therefore learn to spot these little windows of fear, disgust, sadness, or anger, as they often surface when someone is contemplating or covering up wrongdoing. </p>
<p>“Micro-expressions are the leaking of emotion, one of those seven emotions we mentioned earlier, through the face. It's a muscle contraction that takes, in most instances, about 1/25 of a second. And it's very, very revealing. You cannot control it,” Mr Claxton explained. “There is a tremendous amount of research on micro-expressions, particularly based on the extensive work of <a href="https://www.psychologytoday.com/au/contributors/paul-ekman-phd" data-new-window="true" target="_blank" rel="noopener noreferrer">Dr Paul Ekman</a> and others. If you learn how to identify them, that can be quite valuable."</p>
<p>In addition to body language, Mr Claxton said that linguistic cues are a goldmine for detecting deception in the workplace. Some of the most common verbal signs to watch out for include: </p>
<ul>
  <li>Hesitating longer than 1.5 seconds before answering.  </li>
  <li>Providing unnecessary or irrelevant information. </li>
  <li>Becoming overly defensive, even when not directly accused. </li>
  <li>Trying too hard to seem trustworthy (also known as “impression management”). </li>
</ul>
<h2>Photo gallery: The Protective Security Summit NSW 2025, hosted at UNSW Sydney</h2><div class="o-slide" data-module="slickjs" data-module-options="{key: 'hero', slidesToShow: 1, arrows: true, dots: true}"><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/fdfbeefb-7148-4c3e-b85f-4e4f2188e568/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%281%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/150e1c0e-ad31-4fdf-84c5-bca3f8872ae0/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%288%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/564ea861-0468-4c23-a2f4-ed3ac7be6edd/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2811%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/68323a45-4112-411e-ad7a-7d2f38c57ce7/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%282%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/f172ba2f-a9d9-4457-93df-c72daacecf99/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%286%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/ceca26d5-8ae7-49d7-bc19-90b886f3e338/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%289%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/d3bfeacb-66ee-4942-930b-41e0f5a606ac/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2810%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/c261556b-9d27-4844-839e-bd8296b2dfbc/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2812%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/9e5a8598-261d-4f27-8cfc-2038a6ac59a6/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2813%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/60ed2948-3377-4730-b680-ceec05c8ddb6/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2815%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/acce419e-0378-4c87-bfa6-2e88424fc0a3/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2814%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/18a2e4b0-f3ef-4335-b07e-45c4267656e7/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2816%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/2305abc8-2ac9-4d27-b98d-9fbf596c4018/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2817%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/021d6b80-8198-4f45-a04f-4196a4c5f284/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2819%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/fd0fd2e0-48cb-4adb-847b-67808345efa7/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2822%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/f9ae2686-f424-48e2-a75f-fc8020c47603/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2823%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/b57f3d0a-9337-48a0-9f63-197a6afba432/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2824%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/794d8855-2271-4d6e-9d78-5bdc69c076cf/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2825%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/581696c3-c67d-4c70-bef1-e4b9c75583b6/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2826%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/d08f4a33-34b4-4f62-b241-7ecb6f22ea62/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2827%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/8c2c8249-037d-4b7c-8306-f0a0095c4a97/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2856%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/853f9895-ffc8-4fab-8c57-a54c7e139a52/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2829%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/479ff38d-d132-46f4-b101-475f5a4311a2/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%285%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/bc754b2c-95e0-42b6-9056-489648b5851b/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2843%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/4f76958a-d6cd-468e-9aa5-935b82da79ad/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2832%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/34642904-234f-4097-8aa0-f227afe04c67/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2830%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/46e7a735-9096-4b31-b2a1-1ee7ae2f6a85/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2874%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/16b42153-d2c9-4ba2-aa2f-7fd41ab13f36/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2835%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/7b5287e7-e9ed-4ee1-afe0-c2086eb5f58d/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2836%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/837ca895-a3e9-4280-9deb-df350fdc016b/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2861%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/3634a76e-4bc1-47d7-880c-e8f4ec1ab7b5/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2837%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/d2f0dddf-a9ea-4505-a099-434cb4523274/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2840%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/ae7ed8ff-f7f4-4d37-a072-9fc12e2eac74/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2841%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/9935c9aa-31d8-4e64-900b-0fc5890770f0/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2844%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/1e0cf5f1-5a5e-40a2-9f6e-14e3ae92f2d7/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2847%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/4e7c9ff2-9e78-418d-8f05-e723eb579729/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2855%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/4851a82e-f888-4eb3-a9fe-2cb71164bd1a/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2865%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/4a0ee281-a590-4872-8f6e-987dc7699f0e/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2868%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/90c98ac4-ace6-4912-ab62-e43e629aa684/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2866%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/68a6d0e4-a54a-490a-a466-60231d671204/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2872%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/1fcd6e06-01bc-4e82-9f6a-37c16732cf00/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2859%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/ba4a3891-d3d6-4aed-96b4-1ed05de00dc2/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2864%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/f622260b-983c-4920-9f6b-ec1305daa730/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2870%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/68aaf35b-4ab3-40ff-a85e-b1d3de031ca8/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2869%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/a429f31f-aa42-4a37-848e-fa1e6f4747ca/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2858%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/c02acda5-e291-4a8f-91b1-1b46e243c190/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2860%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/a9849e55-9a15-4e2a-a001-51ba3686346f/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2834%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/da4753c6-1536-42ce-b2b0-2ce2466694ce/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2867%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/f7718950-c118-4fd1-b99b-8b125124dec5/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2863%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/b70b30be-c42f-470e-b343-55740c6c469a/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2818%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/8bf9625f-20e0-41b7-bf3d-613d8d816195/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2853%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/65723f1d-3565-458b-96c1-aa2eff6292a2/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2849%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/eb441a59-6540-4f72-a0b6-3a9cf230a60d/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2845%29.jpg"></div></div><div class="slick-slide u-ovh o-slide__item"><div class="u-bgimg o-slide__item-img js-lazysizes" data-bgset="https://assets-us-01.kc-usercontent.com:443/4df0558d-5779-0012-00f2-b3fa06d6c950/3ce688c3-1850-4b87-bc18-fc5bfa2bfdc9/The%20Protective%20Security%20Summit%20%28UNSW%29%202025%20%2821%29.jpg"></div></div></div>
<p>Mr Claxton gave an example of impression management: “You might say to the boss, hang on a sec, what are you inferring? I've been with this company for 22 years. I've been a loyal employee. I've done nothing wrong. I'm nothing but a good person. I'm a member of the scouts. I contribute. I give money to charity etc,” he said.  </p>
<p>These shifts in speaking and tone of voice could potentially reveal internal cognitive stress, which is the brain scrambling to maintain deception under pressure. </p>
<h2>Focus on baseline behaviour and notice shifts </h2>
<p>One of Mr Claxton’s most important takeaways is not to judge these behaviours in isolation. Instead, try to focus on understanding each person's baseline behaviour – how they usually speak, act, and react – and then look for significant shifts in their behaviour. “Just because somebody stutters or hesitates doesn’t mean they’re guilty. They might actually stutter or hesitate as standard general behaviour,” he said. </p>
<p>Instead, detection depends on observing clusters of unusual actions, and shifts in tone, body language, or communication style compared to their normal self. “Understand what a person's baseline looks like... and look for a shift from that baseline,” Mr Claxton said. “You might start to see subtle shifts in people's behaviour, they might start squirming a little bit. They might suddenly be particularly rigid when following rules when previously they weren't.” </p>
<p>This helps avoid false positives while still identifying genuine warning signs of insider risk. </p>
<h2>Build a culture of early detection </h2>
<p>Finally, it’s important to recognise that insider threat behaviour often emerges early, sometimes even before a crime is committed. This early detection is especially valuable for security managers to identify and address potential risks proactively. </p>
<p><a class="o-btn o-btn--primary" href="https://www.businessthink.unsw.edu.au/subscribe" target="_self">Subscribe to BusinessThink for the latest research, analysis and insights from UNSW Business School</a></p>
<p>Mr Claxton referenced espionage studies that track insider behaviour across several stages: planning, opportunity seeking, action, concealment, and escape. “It talks about indicators at every stage, from the concept, thinking about what you're going to do, planning what you're going to do, then seeing and identifying the opportunity, doing it, concealing it, and then the consumption of the escape. At every stage, you're going to see some of these indicators.”</p>
<p>In other words, fraudulent intent is often detectable long before it turns into a serious breach. “The moment a person starts seriously thinking about stealing a file or committing fraud, their body is already betraying them," Mr Claxton reiterated. “Deception will set up a neurochemical response, and it slips past conscious control. There is nothing you can do to control those physiological outputs at the time that they occur,” he said. “What the mind conceals, the body reveals.” </p>
<p>He urged organisations to train staff in reading behavioural clues and building a culture of early detection. “Learn it yourself. Teach amongst your employment, your employee base, how to recognise those indicators so that you can stop the threat before the threat stops you," Mr Claxton said. </p>
<p>Recognising these early signs can empower organisations to intervene early, protecting assets, reputation, and safety. “You don’t have to be an expert to know something isn’t right – trust your gut instinct as a clue to look a bit closer than jump to conclusions.”</p>

Comments

Feature

Fraud detection: the behavioural signs that expose insider threats

Understanding how the brain gives us away

Watch out for these physical and verbal red flags

Photo gallery: The Protective Security Summit NSW 2025, hosted at UNSW Sydney

Focus on baseline behaviour and notice shifts

Build a culture of early detection

Republish

Related

How to master strategic thinking and lead with impact

The business case for hybrid work: Focus on profit (not productivity)

Goals, pivots and passion: A CEO’s leadership lessons

Lessons in leadership and high performance from the Sydney Swans

Find an expert

Connect