Date: 2020-08-05

Punishing Cybersecurity Errors Found to be Counterproductive

Over four in 10 (42%) organizations take disciplinary action against employees who make cybersecurity errors, which puts them at greater risk of attack, according to a new study by CybSafe.

The survey of UK businesses found that mistakes such as falling for simulated phishing scams are regularly punished. Punishments include naming and shaming employees (15%), decreasing access privileges (33%) and locking computers until appropriate training has been completed (17%). Additionally, 63% of organizations will inform the employee’s line manager when cyber-mistakes are made.

As part of the research, CybSafe conducted a lab-based experiment to test the impact of these kinds of punishments. It found that they have a “highly detrimental” impact on staff, increasing anxiety levels and reducing productivity. The findings suggest punishments may have a long-term impact on employees’ mental health and actually reduce their cyber-resilience.

Dr John Blythe, head of behavioural science at CybSafe, commented: “People fall for phishing attacks and other cybersecurity mistakes because they’re human and because they have been trained to click links. Bad habits are difficult to shake, especially when today’s phishing attacks can be highly convincing.”

“Formally punishing staff for making cybersecurity slips is, in the vast majority of instances, a problematic approach. It’s unfair and diminishes productivity. It can cause heightened levels of resentment, stress, and scepticism about cybersecurity.”

Blythe added that this kind of approach may make staff more reluctant to report cybersecurity errors quickly, putting organizations in more danger.

Dr Matthew Francis, executive director at CREST, said: “The findings have highlighted how some well-meaning organizations are negatively impacting their cyber-resilience by ‘outing’ or reprimanding individuals and that cybersecurity errors can serve as positive opportunities to educate people, to trigger long-term and sustained changes in security awareness and behavior.”
