Very often, cyberattacks against organisations that have the technical resources in place to protect against such attacks are the result of an employee not complying with the organisation’s security rules.
The Harvard Business Review recently published a very interesting research article on Why Employees Violate Cybersecurity Policies with the study finding that employees with higher stress levels were less likely to abide by rules. The authors of the article have given suggestions on what organisations needed to do to change their cyber security approaches and protect themselves against attacks by engaging with their staff in a different manner and implementing other policies. The report also mentions how understanding what motivates employee’s alternative policies helps knowing how to deal with issues resulting from non-compliance with security rules. Examples of organisations having suffered attacks as a result of such employee stress and attackers taking advantage of altruism among employees are also given.