Don't underestimate the importance of employee wellbeing in the fight against cybercrime
When discussing cybersecurity, employees' mental health and general well-being must be central to the conversation. Cybersecurity isn’t just the responsibility of IT specialists—every employee plays a role. After all, an organisation's strength is in its people.
Here are some ways employee mental health and well-being can compromise cybersecurity—and what organisations can do to address them.
The potential effect of stress and burnout
Cybercriminals exploit psychological vulnerabilities, often creating stressful scenarios that lead employees to make mistakes. For instance, an urgent email appearing to come from the CEO can create panic, pressuring employees into poor decisions.
These tactics are even more effective when employees are already stressed. According to Headspace’s Workforce State of Mind report in 2024, 86% of workers experienced moderate to extreme stress over the past year. Furthermore, organisational stressors like excessive workloads, mismatched values, inadequate rewards, and lack of autonomy are leading contributors to burnout.
The costs are staggering—$322 billion annually in turnover and lost productivity. But this figure doesn’t account for cybersecurity errors caused by stress and burnout, which could amplify a breach's financial and reputational impact.
Key takeaway
Cybercriminals pile on the pressure; organisations must alleviate it. Protect employees’ mental health by fostering a supportive environment. Encourage employees to manage their emotions and make deliberate, informed decisions. One lapse of concentration or an innocent mishap is all it takes to compromise an entire organisation.
Anxiety and fear are not conducive to secure environments
Anxiety surrounding cybersecurity threats can significantly impact decision-making. Headlines about deepfake scams and voice-cloning deception heighten fear and uncertainty, affecting employee confidence and judgement.
The fear of sensitive data being hacked, as seen in incidents like the recent 23andMe breach, adds to this anxiety. A stressed, fearful workforce is more likely to hesitate on simple tasks—like responding to an email or clicking a link—or fall prey to phishing scams due to a lack of confidence or understanding.
Key takeaway
Invest in robust cybersecurity measures and transparent processes to help employees feel safe and secure. Empower them with the tools and knowledge to navigate threats confidently, and create an environment where their concerns are heard and addressed.
Distrust and uncertainty can drive insecure behaviours
Psychological safety in the workplace is founded on trust. Trust is essential to effective cybersecurity. Employees must feel comfortable reporting mistakes without fear of judgment or punishment. Delays in reporting errors can exacerbate the impact of cyberattacks and result in hefty fines, as was the case for British Airways, which was fined £20M for not reporting a breach within the mandated ICO time frame.
领英推荐
However, a breach can damage and negatively impact trust across the organisation—between leaders and employees, among teams, and even in the systems designed to protect them. Over time, this erosion of trust can lead to reluctance to use digital tools or share information, creating additional vulnerabilities.
Key takeaway
Foster a culture of trust, transparency, and psychological safety. Ensure employees feel supported when reporting potential threats or mistakes. Lead with empathy and honesty, especially during and after a cybersecurity incident. Your organisational culture and resilience will be tested, but a strong foundation of trust will help you navigate these challenges.
Conclusion
Cybersecurity and employee well-being are deeply intertwined. A workforce under stress, plagued by anxiety, or lacking trust is more vulnerable to cyber threats. By prioritising mental health and fostering a culture of support and transparency, organisations can not only protect their people but also strengthen their overall cybersecurity posture.
Source reading: