Data breaches are an increasingly common occurrence nowadays. A new report highlights the lesser-known impacts on employees following these cybersecurity failures.
Data leaks are an unfortunate part of our daily digital life. To date, billions of people have had their personal information exposed as cybersecurity breaches increase in scale and sophistication. These incidents can and often do lead to a spectrum of collateral damage including hefty fines for the companies involved. As part of a settlement with the Federal Trade Commission, Equifax agreed to pay about $600 million as a result of its massive 2017 breach.
SEE: Cybersecurity: Let's get tactical (free PDF) (TechRepublic)
As one would imagine, a data breach will also have a major impact on an organization's reputation and future prospective clients. A recent survey conducted by Security.org found that nearly one-quarter of Americans said they would no longer conduct business with a company that has sustained a data breach. Surveys like this speak to the intense pressure on companies and IT teams to secure their systems well in advance.
While the monetary consequences (a la FTC fines and loss of clients) are readily apparent, there are also lesser-known social ramifications of these cybersecurity failures. A new report from Kaspersky illustrates the negative influence these data breaches can have on employees at affected organizations.
Data breaches cause workplace and personal disruptions
The report titled "Taking care of corporate security and employee privacy: why cyber-protection is vital for both businesses and their staff" pinpoints what it calls the "human side" of data breaches. The key findings paint a stark picture of the far-reaching social consequences and interpersonal stressors following cybersecurity incidents.
The majority of employees at affected companies reported significant workplace disruptions. Often, these occupational demands have direct effects on their personal lives. In fact, more than three-quarters of employees (76%) noted impacts on their personal relationships due to a data breach. Overall, 16% of respondents said they had in fact quit the company due to these impacts.
Following a data breach, about one-third of employees (30%) said they had to miss an "important personal event" with 27% reporting they had canceled their vacation plans as a result. Another 32% said they'd worked overnight as a result of the breach and 33% reported suffering "additional stressors."
The data shows clear disruptions following data leaks at both small- and midsize businesses (SMBs) and enterprises. Of companies that had experienced a minimum of one data breach in the previous year, about half of enterprises (53%) and SMBs (48%) reported the incidents had a negative effect on the overall work experience.
These cybersecurity incidents also have major impacts on an organization's long-term objectives. Approximately one-quarter of enterprises (26%) and SMBs (27%) said they'd been forced to delay deadlines and other projects a minimum of one financial quarter.
In general, company size and IT sophistication appears to have little effect on mitigating these stressors. One-third (33%) of employees in administrator roles reported experiencing "much more stress" than normal, "regardless of the size and IT maturity of the company."
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
Kaspersky's recommendations to ease employee fallout
As part of the report, Kaspersky also offers a series of tips to help organizations prepare for data breaches, as playing catch-up after an incident could only lead to more stress and disorganization.
Transparency and communication: Communication is particularly critical following a breach. Companies should immediately let employees know if their personal data has been compromised as this can only exacerbate an already stressful situation. The employees will want to hear this information from their employer rather than finding out once a news story breaks. Additionally, Kaspersky recommends providing clear information about who employees need to contact regarding any issues they may be experiencing. This is especially critical for teams working remotely for extended periods.
Create an informed digital culture: Kaspersky recommends teaching employees about the significance of cybersecurity and demonstrating best practices to prevent breaches. Establishing a structured training course for employees could help provide greater insights on cybersecurity and more.
IT Procedures: It's best to have a structured and thorough IT response plan in the event of a cybersecurity breach. This includes initial steps about who to contact and what to do during the initial phase of a breach.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)