The latest Kaspersky report,“Taking care of corporate security and employee privacy: why
cyber-protection is vital for both businesses and their staff”,highlights the ‘human side’ of
cybersecurity incidents – examining the discomfort and losses employees face because
following breaches. According to the report, around a third ofemployees (27%) in the META
(Middle East, Turkey & Africa) region who are involved in the aftermath of an incident
missed importantpersonal events, had to workovernight (28%), or sufferedadditional
stress (30%). A quarter even had to cancel vacations (20%). While the risk of data
breaches always exists, organizations need to keep data security under control so incidents
don’t negatively impact employees’ attitude and a business’sreputation – especially during
the COVID-19 outbreak.
Work-related stress encroacheson staff work-life balance, efficiency and motivation,with
76% of employees feeling it impacts personal relationships, and 16% even quit their
current job because of it. This stress needs to be considered, especially now when so many peopleare workingfrom homeand strugglingto maintain their productive working routine.
For businesses,such stress can createan overall decrease in employee efficiency,affecting business performance andthen leading to direct financial losses. For example, an increasing
number ofemployeesabsent dayscaused by stresscan cost a large enterprise up to $3.5 million annually. After all, it can also lead toa company’s reputation being potentially
damagedas an employer.
As Kaspersky’s report has revealed, cybersecurity incidents may contribute toa negative
work experience too – in fact, it has already happened in around half of SMBs (48%) and enterprises(53%) that experienced at least one data breach last year. The chart below
reveals the personal consequences that IT and IT security managers face when they have to clean up after a company data breach. Stress is again the most likely ramification: a third
(30%) of administrators fell into much more stress than they would usually –regardless if they wereworking in a big enterprise with advanced incident response practices, or in a
medium-sized business without a dedicated IT security department.
“When talking about cybersecurity incidents in business, we often focuson what it costs to
companies – like money, customer trust and other corporate consequences. But there is
another aspect to consider;how employees live through such cases. It’s needless to say
that additional stress at work or a disrupted work-life balance affectsemployee’s
productivity and, even more critically, theirmental and physical health. This shouldn’t be
underestimated,becausethis can affect business too if staff members share their negative
feelings outside the organization – impairing its reputation and brand as an employer.
Thiscan be especially critical for a business walking through a data breach when its wider reputation is already under attack,” commentsAra Arakelian, HR Manager for the Middle East, Turkey and Africa at Kaspersky.
The following steps can help organizations keep the impact of a breach on staff to a minimum:
• In the time of crisis, be transparent with your people.Keep employees informed on what’s going on, what it means to the business and to them, and make sure they know who to contact about any issues. It is especially important for when employees are working remotely for a sustained period when staff are often isolated from each other. If a data breach affected employees’ personal data, make sure they acknowledge it from you and not from the media or newspapers.
• In ‘peace time’, it is best to prepare a list of steps for an IT department in case of an incident: who to inform first, who is responsible for what and what steps should be made. This helps employees feel prepared and can relieve potential panic and stress.
• If a breach occurs, focus on properly investigating the causes and consequences instead of just searching for any guilty staff.
• Any crisis can be seen as a time of opportunities. Explain to employees that their help in this situation is crucial and they can prove themselves and their actions will be positively noted.
• Create a corporate culture where all employeesunderstand the importance of cybersecurity. Teach them how cybersecurity incidents can occur and what the consequences are. Explain to employees how following simple rules can help a company avoidcybersecurity incidents via training courses, such as the ones provided in theKaspersky Automated Security Awareness Platform.
• Breaches can draw media attention, which results in unwanted public exposure. Kaspersky Incident Communications training helps to upskill corporate communications teams to operate optimally during a cyberattack.