Mumbai: About 30% of IT Security managers involved in the aftermath of data breach incidents missed their key family dates due to work overnight revealed Kaspersky‘s new report.
The Kaspersky report titled —‘Taking care of corporate security and employee privacy: why cyber-protection is vital for both businesses and their staff” stated that around a third of enterprise staff (30%) who are involved in the incident response missed key personal events, had to work overnight (32%) or suffered additional stress (33%). A quarter of IT Security staff even had to cancel vacations (27%).
Kasperky’s new report highlighted the ‘human side’ of cybersecurity incidents – examining the discomfort and losses employees face due to breaches.
While the risk of data breaches always exists, organizations need to keep data security under control so incidents don’t negatively impact employees’ attitude and a business’s reputation – especially during the COVID-19 outbreak.
Work-related stress encroaches on staff work-life balance, efficiency, and motivation, with 76% of employees feeling it impacts personal relationships and 16% even quit their current job because of it.
This stress needs to be considered, especially now when so many people are working from home and struggling to maintain their productive working routine.
For example, an increasing number of employee absent days caused by stress can cost a large enterprise up to $3.5 million annually, as per the work–stress report.
Cybersecurity incidents may contribute to a negative work experience too – in fact, it has already happened in around half of SMBs (48%) and enterprises (53%) that experienced at least one data breach last year, the report found.
The chart below reveals the personal consequences that IT and IT security managers face when they have to clean up after a company data breach.
Stress is again the most likely ramification: a third (33%) of administrators fell into much more stress than they would usually. Regardless if they were working in a big enterprise with advanced incident response practices, or in a medium-sized business without a dedicated IT security department.
In case, any breach incident occurs, the IT and IT security teams have to investigate it. They have to clean up and fix the system, take preventive measures, and stop this attack from being repeated.
As a result, a third of managers worked overnight or had to incur overtime at work (33% for SMBs and 32% for enterprises). It can also lead to other tasks and deadlines being pushed back in more than a quarter of both SMBs (27%) and enterprises (26%).
And all this in addition to missing personal events, like a grandmother’s birthday or a date night with a fiancé, as experienced by 20% of IT professionals in SMBs and 30% in enterprises.
“When talking about cybersecurity incidents in business, we often focus on what it costs to companies – like money, customer trust, and other corporate consequences. But there is another aspect to consider; how employees live through such cases,” said Alena Reva, VP – Human Resources Americas, Kaspersky.
“It’s needless to say that additional stress at work or a disrupted work-life balance affects employee’s productivity and, even more critically, their mental and physical health,” added Reva.
Work stress or a disrupted work-life balance, shouldn’t be underestimated, Reva pointed out. Because this can affect business too if staff members share their negative feelings outside the organization – impairing its reputation and brand as an employer.
“This can be especially critical for a business walking through a data breach when its wider reputation is already under attack,” stressed Reva.
The following steps can help organizations keep the impact of a breach on staff to a minimum:
- In the time of crisis, be transparent with your people. Keep employees informed on what’s going on, what it means to the business, and to them, and make sure they know who to contact about any issues. It is important for when employees are working remotely for a sustained period when staff is often isolated from each other. If a data breach affected employees’ personal data, make sure they acknowledge it from you and not from the media or newspapers.
- In ‘peace time’, it is best to prepare a list of steps for an IT department in case of an incident: who to inform first, who is responsible for what and what steps should be made. This helps employees feel prepared and can relieve potential panic and stress.
- If a breach occurs, focus on properly investigating the causes and consequences instead of just searching for any guilty staff.
- Any crisis can be seen as a time of opportunities. Explain to employees that their help in this situation is crucial and they can prove themselves and their actions will be positively noted.
- Create a corporate culture where all employees understand the importance of cybersecurity. Teach them how cybersecurity incidents can occur and what the consequences are. Explain to employees how following simple rules can help a company avoid cybersecurity incidents via training courses, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Breaches can draw media attention, which results in unwanted public exposure. Kaspersky Incident Communications training helps to upskill corporate communications teams to operate optimally during a cyberattack.