Why Employees Violate Cybersecurity Policies

Why 67% of employees violate cybersecurity policies

Why Employees Violate Cybersecurity Policies by Harvard Business Review

Harvard Business Review published an article on Why Employees Violate Cybersecurity Policies. They explored why employees violate cybersecurity policies, and the results were quite interesting. Contrary to popular belief, their recent study suggests that “the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate the policy on days when they were more stressed out, suggesting that high-stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs.”

So, what does this mean for managers and executives? According to the article, “Managers must recognize that job design and cybersecurity are fundamentally intertwined. The reality is that compliance with cybersecurity policies can add to employees’ workloads, and so it should be considered and incentivized alongside other performance metrics when workloads are determined.”

 The study concluded that around 18% of policy violations stemmed from a desire to help a coworker. Unfortunately, hackers also understand this and leverage empathy to launch attacks. The article recommends that managers and executives identify and work to reduce sources of stress in the workplace and include staff in cybersecurity policy creation. By including staff in the development process, they are more likely to understand the rationale behind the measures and more likely to adhere to them.

In short, “while the idea of a resentful employee purposefully trying to harm their company may make for a compelling story, our research points to the major role of employee stress in motivating non-malicious (yet potentially catastrophic) security breaches. To address the mounting risk of cyberattacks — as well as the countless other risks associated with an increasingly stressed-out workforce — leaders must undertake targeted efforts to minimize the root causes of stress in the workplace and design healthier, more sustainable workloads for employees at every level.”

So, EverChain’s CTO’s message to you today is that it is as important to monitor performance as it is to monitor stressPushing too hard may create gains on one side, but force losses on the other.  Please monitor your employees’ stress levels and remember, we are all in this war against cyberattacks together.


Why Employees Violate Cybersecurity Policies by Clay Posey and Mindy Shoss.  To view the full article click here. Harvard Business Review, published on www.HBR.org.

About EverChain®

EverChain® facilitates compliant and secure debt sales for lenders and other creditors. We enable creditors to manage and monetize their uncollected receivables via our secure, sophisticated, and specialized technology platform (patent pending) consistently and compliantly. We aren’t simply a conventional broker or a buyer; EverChain® is an experienced debt sales advisor who has the expertise to help creditors optimize their recovery strategy while protecting their consumers, brand, and bottom line. One of the prime focuses of our business is to optimize compliance across all entities, including sellers, buyers, law firms, and agencies.

Want to learn more about how EverChain can help you with Non-Performing loans or buying debt click here, or to schedule a free demonstration with our dynamic sales team click here.

Related Posts