Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

Does Stress Drive Employee Violations of Cybersecurity Policy?

Ten days ago, the Harvard Business Review published an article titled: Research: Why Employees Violate Cybersecurity Policies.

According to the results of their research, deliberate violations are indeed what drives cybersecurity policy violations. But not because of malicious intent—but because of employee stress.

Here are a couple of quotes from the article:

“Our recent research, however, suggests that much of the time, failures to comply may actually be the result of intentional yet non-malicious violations, largely driven by employee stress.

“While IT specialists toil away to create better, smarter, and safer technical systems, there is one risk they can’t program away: humans.”

Highlights of their research results and recommendations:

Many Policy Violations Are Driven by Stress, Not Desire to Harm

Average employee failure to comply rate of once per 20 job tasks. The most common responses from employees for their failure:

  • To better accomplish tasks for the job
  • To get something the employee needed
  • To help others get their work done

There’s a Middle Ground Between Ignorance and Malice

The researchers contend that the wish to accomplish a task is sometimes in conflict with cybersecurity policy and recommend IT departments consider employee workflow in developing that policy.

Job Design and Cybersecurity Are Intertwined

Carrying out an organization’s cybersecurity policy can add to an employee’s workload and, therefore, should be incentivized, along with other job requirements.

Hackers Take Advantage of Altruism

The researchers found employees are more prone to violate cybersecurity policy when they’re helping somebody else.

Final Thought

Organizations must now urge their employees to slow down and weigh the source of each cyber communication before they act and recognize that workflow may be affected.

It is another useful strategy to help mitigate theft of intellectual property and improve overall cybersecurity hygiene.

Side Note: Remember one of the most effective and simple ways to protect your data: Multi-Factor Authentication.

Additional Reading:

Why Employees Must Be Hacker-Detectors—IP Probe Blog

Beware of: Business E-Mail Compromise (BEC)–IP Probe Blog

DisclaimerIPProbe.Global is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP investigations and protection consultant and writer in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as published "The World of Intellectual Property (IP) Protection and Investigations" in November 2021.

0 comments on “Does Stress Drive Employee Violations of Cybersecurity Policy?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...
%d bloggers like this: