Employees are often said to be an organization's greatest weakness when it comes to cybersecurity, whether those employees have malicious intentions or inadvertently expose sensitive information. While the potential for human error is a constant across organizations, companies' responses to cybersecurity-related negligence range from one-on-one meetings to termination.
A recent survey from Ponemon Institute on managing inside cybersecurity risk also sought information on how organizations act if an employee is found to be negligent. The survey gathered responses from more than 600 individuals at companies with a data protection and privacy program and identified the following trends:
- Following an incident of employee negligence, 56 percent of organizations hold a one-on-one meeting with a superior.
- Fifty-one percent of respondents said they facilitate a one-on-one meeting with someone from the IT security department.
- Forty-five percent of respondents said they formally reprimand the employee in personnel records, 33 percent terminate the employee, 19 percent demote the employee and 16 percent said they may reduce salary, bonuses or incentives. Respondents were permitted to select more than one answer.
On the flip side, respondents were asked whether their organizations offer incentives to employees for being proactive in protecting sensitive and confidential information. Two-thirds said they do not. Of those that do, 29 percent said they would offer a positive performance review, 23 percent would offer an employee recognition award and 19 percent would offer a financial award. Respondents were permitted to select more than one answer.