Office workers fear culture of blame over cyber security incidents
Nearly three-quarters of office workers believe their employer holds staff personally responsible for cyber security incidents, according to a survey by Censuswide on behalf of IT.ie and SonicWall. Furthermore, The poll of 1,000 office workers based in Ireland found more than a quarter (29%) of respondents reported at least one person in their company had been fired for accidentally causing a breach in the last 12 months.
More than a third (38%) of respondents believed their company ‘always’ holds employees responsible for cybersecurity incidents, while 35% said it did so ‘sometimes’.
The survey also explored the personal impact of cybersecurity threats and incidents on workers. It found that 50% of respondents felt stressed about cyber security in their job. This is despite the fact that the majority (60%) of respondents believed employees were not to blame for unintentional breaches and incidents.
The personal toll of causing a cyber security breach also painted a picture of a workforce under stress. Almost two-thirds (64%) of office workers said they would leave, or consider leaving, their job if they were to cause a breach. Meanwhile, 79% advocated for organisations providing mental health support to those who fell victim to cyber security attacks.
Despite the mounting pressure felt by employees to circumvent a growing volume of increasingly sophisticated threats, the research found that many did not feel comfortable reporting cyber security concerns to the relevant people. More than a third (36%) of those surveyed admitted they had neglected to report a breach in the last 12 months, with the top reason for this cited as embarrassment, followed by fear of repercussions.
Eamon Gallagher, founder and managing director, IT.ie, said: “This research shows that businesses are, understandably, under enormous pressure due to the growing threat posed by cybercriminals. However, that pressure is wrongly being felt on a personal level by employees. While it is on all of us to be vigilant, the average office worker is not a cyber security expert; the onus is on business and IT leaders to ensure they have taken every step possible to safeguard their business and people.
“Stringent cyber security measures will become legally binding for EU organisations who fall under the NIS2 directive later this year. It places the responsibility back on senior leaders to oversee training, security and business continuity measures that ensure that if, and when, a breach does happen, its impact is minimal.”
Stuart Taylor, regional director for Northern Europe, Sonicwall, said: “Our research underscores a critical issue in workplace cyber security culture. Blaming individuals for breaches not only fails to address the root causes of cyber incidents but also creates an environment of fear that can restrict transparency. It’s important for organisations to build a positive atmosphere where employees feel empowered to report concerns without the fear of repercussions. As cyber threats evolve, so must our approaches to security -prioritising collective responsibility and proactive measures over a culture of blame.
“By investing in security training, businesses can better equip their teams to navigate the complex cyber security landscape and protect themselves from the increasingly sophisticated tactics of cybercriminals. It’s equally important to stay ahead by implementing the latest cyber security defences, ensuring comprehensive protection against emerging threats.”
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers