Assessing the ‘insider–outsider threat’ duality in the context of the development of public–private partnerships delivering ‘choice’ in healthcare services: A sociomaterial critique

Containing the ‘outsider’ threat to the information systems of organisations as well as recognising the disruptive potential of ‘insiders’ are fundamentals of security management. However, the recent development of public–private partnerships in the UK requires a reassessment of the continuing utility of such dualities. This paper draws upon a sociological understanding of the complexities of organisational practices as well as a grounded case study of the implementation of the NHS ‘Choose and book’ service across both public and private healthcare organisations in order to challenge these essentialist forms of sociotechnical analysis. The paper proposes a sociomaterial understanding of information systems and organisational dynamics that does not seek to separate out distinct ‘human’ and ‘technical’ information security risks. Rather, it asserts that the organisational outcomes of the introduction of new information systems are necessarily emergent and contingent, and it is with these indeterminate realities that security analysts have to engage.