Building a culture of security within your organization requires four things:
1. Explicit policies and rules of behavior... If you don't want people to bring weapons to work... make sure you've written it down and communicated it.
2. Pre-arranged agreements between internal organizations to communicate in times of crisis... You don't want to encounter an insider threat situation and not know what information you should expect from HR, or legal, or IT.
3. Educated employees... Employees should understand the behaviors that could lead to insider threats. Train them and give them a truly anonymous way to leave insider threat tips. They can be your best advocates.
4. Using technology... From something as basic as reviewing event logs all the way to recording screen activity and monitoring external media and sources, simple and sophisticated tools exist to perform proactive alerts and simple forensics.
If your organization has some "secret sauce" you want to protect, then make sure your entire organization is on-board to protect it.