Modelling the stages of an organisational whistleblower’s journey

Whistleblowers perform an essential service in revealing wrongdoing. Most feel compelled to highlight nefarious organisational activities. If their efforts within the organisation are ignored and they feel driven to “go public”, disclosures can harm the organisation’s cybersecurity and whistleblowers themselves usually pay a high price for their actions. We argue that, rather than vilifying whistleblowers, organisations ‘harness’ their propensity to keep the organisation on the straight and narrow. To achieve this, it is crucial to understand the whistleblower’s journey from being triggered by some unethical organisational activity to the final external whistleblowing act. We reviewed the archival literature to produce a synthesis of whistleblower stages. We carried out a case study and interviewed two whistleblowers to inform derivation of a staged whistleblowing model. This makes it possible to identify pressure points for targeted interventions which can encourage internal whistleblowing and thereby prevent the tangential dismantling of organisational information security.