Employees’ ‘mental wellbeing’ impacted by phishing threats: research

Jack Chapman, SVP of Threat Intelligence at Egress

Fifty-one percent (51%) of employees were disciplined, 27% voluntarily left the organisation and 39% were fired following their involvement with a phishing incident, according to research undertaken by threat intelligence company Egress.

According to Jack Chapman, SVP of Threat Intelligence at Egress, phishing attacks and data breaches have a wide-ranging effect on organisations, from system outages and downtime to important data being encrypted and used to demand a ransom - and “one consequence of phishing attacks that is often overlooked is the negative impact it can have on employee wellbeing”.

“Being a victim of a phishing attack can be devastating. Following a successful attack, organisations can experience anything from reputational damage, legal repercussions, and even operational shutdown – so it’s no wonder employees don’t want to be the one to cause these devastating effects,” Chapman observes.

“Due to these organisational impacts, there are significant personal consequences, as the recent research found,” notes Chapman, adding that “disappointingly, I’ve heard countless stories of people being ‘named and shamed’ within an organisation after falling victim to an attack – and even sometimes for failing a phishing simulation – leading to embarrassment amongst an individual's peers.

“However, the tough stance taken on employees can have a significant impact on their wellbeing, especially considering individuals who succumb to phishing attacks have genuinely made a mistake rather than intentionally seeking to harm their employer.

“Constantly living in fear of falling for a phishing attack and facing the related consequences can lead to feelings of chronic stress, anxiety, and even burnout. Ultimately, these consequences inevitably lead to employee churn and loss of good talent. Instead of fostering a culture of fear and punishment, organisations should prioritise the wellbeing of their employees by adopting a more supportive and empowering approach to security awareness.

“In order to reduce the stress associated with malicious email interactions, employers have a duty to provide employees with individualised security coaching that’s tailored to the jobs they do and the threats they face. By providing highly relevant and timely security awareness training (SAT), organisations can help them develop the skills and knowledge needed to identify and respond to phishing attempts effectively and confidently.

“For best practice and results, organisations need to work with employees to ensure they’re supported. Instead of placing the entire burden on the workforce, companies should leverage intelligent technology that can detect and prevent the most sophisticated phishing emails from reaching employees' inboxes in the first place.

“By implementing robust technical solutions, organisations can create a multi-layered defense system that takes some of the pressure off employees and allows them to focus on their primary job responsibilities,” concludes Chapman.

