
Many organizations taking disciplinary action over cybersecurity blunders


Many businesses are punishing employees for making cybersecurity mistakes, which is likely taking a toll on the mental health of the workforce.

According to a new report from CybSafe, 42% of organizations take disciplinary action against staff that make cybersecurity blunders, irrespective of the individual’s intentions.

Almost a third (63%) of businesses inform the guilty person’s line manager after a cybersecurity incident has taken place, while 15% even name and shame the employee responsible.

However, according to CybSafe, the disciplinary approach can have a variety of negative effects. Those punished for making mistakes reported a decrease in productivity and, in the long term, damage to overall mental wellbeing.

Further, employees in fear of reprimand are less likely to report incidents quickly (or at all), which could have serious consequences in scenarios in which malware spreads throughout a corporate network.

“People fall for phishing attacks and other cybersecurity mistakes because they’re human and because they have been trained to click links. Bad habits are difficult to shake, especially when today’s phishing attacks can be highly convincing,” explained Dr. John Blythe, Head of Behavioral Science at CybSafe.

“Formally punishing cybersecurity slips is, in the vast majority of instances, a problematic approach. It’s unfair and diminishes productivity. It can cause heightened levels of resentment, stress and scepticism about cybersecurity.”