In many cases, the weakest links in a company’s cybersecurity defenses are the employees, for whom a simple or absent-minded mistake can lead to a successful ransomware attack, data theft, or other breach capable of causing long lasting damage. However, while the previous assumption has that these employee-initiated breaches are caused by either maliciousness or a lack of awareness of proper procedure, recent research shows that while these violations may be intention, its stress that is the main driver, according to an article in Harvard Business Review.
From a set of self-reported data from 330 remote employees, and an additional set of 36 in-depth interviews, this recent research found that employees were often breaking cybersecurity rules, but stating the major reasons as:
- to better accomplish tasks for my job,
- to get something I needed, and
- to help others get their work done
In conjunction with these reasons, which were used as justifications for 85% of reported violations, violations of protocols were observed to be more frequent on days in which those surveyed reported higher levels of stress. In comparison, only 3% of deliberate violations were reported to be due to maliciousness on behalf of the employee, suggesting that more focus should be paid to how cybersecurity protocols interact or interfere with day-to-day employee tasks.
Source:
https://hbr.org/amp/2022/01/research-why-employees-violate-cybersecurity-policies
