When it comes to employees’ negative influence on organizational security, researchers are typically interested in three behavioral categories: passive mistakes, volitional non-malicious non-compliance (NMNC), and malicious computer abuse. Despite research that shows that NMNC represents the majority of employees’ negative security-related actions, we know relatively little about how employees perceive these actions and what organizations can do as a result. We integrate the framework of routine, situational, and exceptional violations from safety science to frame our exploration of NMNC. We demonstrate that the factors associated with this violation framework can be used to determine how insiders view NMNC behaviors. We provide insight into important differences among the NMNC behaviors and show how insiders can be clustered into one of three groups based on their violation perceptions.