A recent survey conducted in Ireland highlights a concerning trend: fear of blame is preventing employees from reporting cybersecurity incidents. The study, carried out by Censuswide for IT.ie and SonicWall, collected responses from 1,000 office workers, revealing the negative impact of a blame culture on organizational cybersecurity practices.
Employees Held Accountable for Breaches
According to the findings, nearly 75% of respondents believe their employers hold staff personally responsible for cybersecurity failures. Of these, 35% reported that blame is “always” assigned to employees, while another 35% said this happens “sometimes.” This perception has created a hesitation among workers to address cyber incidents openly.
Alarmingly, almost one-third of respondents admitted to being aware of co-workers losing their jobs due to unintentional cybersecurity errors. To avoid repercussions and embarrassment, the same proportion of employees stopped reporting security breaches over the past year. The survey also highlighted discomfort in raising cybersecurity concerns with senior management, with 20% of respondents reporting unease.
This situation has had a detrimental impact on the mental health of employees:
- About half of the workforce reported feeling stressed due to cybersecurity demands.
- Over two-thirds stated they would consider quitting if they were blamed for a cybersecurity incident.
These findings underscore the urgent need for organizations to provide better support to employees. A significant 79% of respondents believe companies should offer mental health support for workers affected by cyberattacks. Furthermore, 60% agreed that employees should not be held personally liable for unintentional breaches, advocating for a collaborative approach to securing systems.
Recommendations for Change from Experts
Industry leaders are emphasizing the importance of fostering a blame-free culture to improve cybersecurity practices. Stuart Taylor, Northern Europe's regional director for SonicWall, stated: "This basically just casts blame on individuals, rather than on system weaknesses. Instead, it's about building an environment in which employees feel secure enough to raise issues without fear." He further added, "It is very important to build a constructive culture that motivates employees to act responsibly without fear of retribution."
A Global Perspective
This issue isn't confined to Ireland. An international survey by CyberArk revealed similar challenges, with 65% of workers bypassing cybersecurity policies. Often, this is driven by the hybrid work model, which prioritizes convenience. These findings highlight the need to balance accountability with support, rather than instilling fear among employees.
The research calls on businesses to:
- Encourage open communication about cybersecurity incidents.
- Focus on system improvements rather than blaming individuals.
- Create a collaborative and supportive work environment.
- Implement mental health support programs for affected employees.
By adopting these measures, organizations can strengthen both workplace trust and cybersecurity resilience, ensuring a safer and more productive future.
