The battle against cybercriminals is more complex and challenging than ever before. As technology evolves and cyberthreats grow more sophisticated, it’s important to fight fire with fire by deploying state-of-the art solutions and partnering with experienced cybersecurity experts.
But there’s another aspect of this battle that organizations can’t afford to ignore: Employee morale and company culture. While strong morale and culture can help companies protect against cyberthreats, weak morale and culture can make them more vulnerable.
Impact of Morale on Cybersecurity
Low employee morale can be a contributing factor to security breaches. When employees are unhappy, unmotivated, or disengaged, they may be more susceptible to bribery or social engineering attacks. Cybersecurity often requires vigilance, diligence, and adherence to protocols. Employees with low morale are less likely to take cybersecurity seriously, potentially undermining the organization’s overall security posture; a study by the Ponemon Institute found that cyberattacks caused by employee negligence cost companies an average of nearly $485,000 per incident. The cost of incidents caused by employees or contractors with malicious intent was even steeper: more than $648,000 on average.
There have been several noteworthy cybersecurity compromises attributed to bribery or disgruntled employees. Here are a few examples:
- Tesla and the Sabotage Incident (2018): A former Tesla employee, who was disgruntled after being denied a promotion, was accused of sabotaging the company’s manufacturing operations. This individual allegedly tampered with Tesla’s manufacturing software, stole sensitive data, and sent it to third parties. The motive appeared to be revenge against the company.
- Twitter Bitcoin Scam (2020): In July 2020, several high-profile Twitter accounts, including those of Barack Obama, Elon Musk, and Bill Gates, were compromised in a Bitcoin scam. It was later revealed that the attack was an inside job, with hackers bribing a Twitter employee to gain access to the accounts.
- Mitsubishi Electric Data Leak (2020): In January 2020, Japanese electronics giant Mitsubishi Electric suffered a data breach that exposed sensitive information, including classified government documents. It was discovered that a Chinese national who had worked for a subsidiary of Mitsubishi Electric had been bribed into leaking the data.
Verizon’s Data Breach Investigations Report (DBIR), published annually, consistently reports that insider threats are a significant cybersecurity concern. While the report doesn’t always specify the exact method used (e.g., bribery), it emphasizes the importance of monitoring and managing the risk posed by disgruntled employees.
Fostering High Employee Morale
While no organization can ensure total employee contentment, they can undertake strategies to bolster employee morale and, consequently, strengthen cybersecurity.
- Communication: Too often, companies require employees to undergo cybersecurity training without making clear that better cybersecurity benefits employees themselves, not just their employers. Cyberattacks can cost companies hundreds of thousands or millions of dollars, hurting profitability. In contrast, avoiding data breaches and other security incidents can help maintain profitability and improve employee compensation. It can also help employees avoid the stress inherent in grappling with and recovering from a cyberattack.
- Recognition: Acknowledging and rewarding employees for their cybersecurity efforts can go a long way in boosting morale. In recognizing cyber aware employees – for instance, those who are diligent in adhering to security protocols and promptly reporting suspicious activities — not only helps those employees feel appreciated, but can encourage others to follow their lead. And recognition can come in many forms.
- Autonomy: Empowered employees are more likely to be engaged and committed to their organization’s goals, including protecting against cyberattacks. Providing employees with a certain level of autonomy in their work allows them to take ownership of their responsibilities, such as participating in cybersecurity training and adhering to the lessons they’ve learned.
- Direct Supervisor: The relationship between employees and their direct supervisors plays a vital role in morale. Supportive and effective leadership can help create a positive work environment, while poor leadership can have the opposite effect. What’s more, employees who respect and get along with their leaders may be more likely to listen when leaders emphasize the importance of taking cybersecurity seriously.
Cyber threats have evolved beyond technical vulnerabilities, and employees have become a significant point of entry for attackers. Recognizing the signs of low morale and taking steps to improve it can substantially enhance an organization’s cybersecurity posture. By improving communication, offering recognition, providing autonomy, and nurturing strong leadership, companies can create a workforce that is more engaged, motivated, and committed to safeguarding against cyber threats. In this way, organizations can build a formidable defense against cybercriminals and ensure the long-term security of their digital assets.