Last summer, Colonial Pipeline paid a ransom of almost $5 million after a cyberattack created widespread panic over the availability of gasoline across the Southeastern U.S. Just a few weeks later, the world’s largest meat processing company agreed to pay an $11 million ransom in response to a cyberattack that suspended operations at plants across the U.S., Canada, and Australia. Attacks like these have been growing more common for years, and the Covid-19 pandemic has only made matters worse, with the FBI reporting a 400% increase in cyberattacks in the first few months of the pandemic.
Research: Why Employees Violate Cybersecurity Policies
In the face of increasingly common (and costly) cyberattacks, many organizations have focused their security investments largely on technological solutions. However, in many cases, attacks rely not on an outsider’s ability to crack an organization’s technical defenses, but rather on an internal employee knowingly or unknowingly letting a bad actor in. But what motivates these employees’ actions? A recent study suggests that the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate policy on days when they were more stressed out, suggesting that high stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs. In light of these findings, the authors suggest several ways in which organizations should rethink their approach to cybersecurity and implement policies that address the real, underlying factors creating vulnerabilities.