How Does Employee Stress Impact Cybersecurity?
Employees are commonly known as one of the weaker links in an organization’s cybersecurity – after all, it’s easier to trick people into giving them network access than attempting an actual breach. But understanding why employees make these mistakes can have a major effect on improving security in the long run.
A recent study, “The Psychology of Human Error,” shows how distraction, stress and fatigue influence a person’s ability to make good cybersecurity. Given that 2020 has been a remarkably stressful year, and that 88% of data breaches are caused by human error, this information may be vital to ensuring an organization’s protection.
The researchers looked at cybersecurity issues such as phishing emails or sending an email to the wrong person – a common security problem, as 25% had clicked on phishing links and 58% reported misdirecting email. Among the reasons for making such mistakes:
And weary workers aren’t rare – 93% say they’re tired and stressed at some point during the workweek, while 46% reported experiencing burnout.
“Understanding how stress impacts behavior is critical to improving cybersecurity,” said Stanford University researcher Jeff Hancock. “When people are stressed, they tend to make mistakes or decisions they later regret. Sadly, hackers prey on this vulnerability. Businesses need to educate employees on how hackers might take advantage of their stress and explain the scams people could be susceptible to.”
Age can also be a factor – 50% of workers under 30 years old reported making such mistakes, while only 10% of workers over 51 said they had. It may be because the older workers have more experience – but it may also be because the younger workers are more aware of making the mistake and more willing to admit it. In either case, the study recommended companies tailor their security training for different age groups.
Ironically, it was employees in the technology industry that were more likely to click on phishing emails. Tech also had the highest percentage of employees agreeing there is an expectation to respond to emails quickly.