
Staff hide cyber security incidents due to fear of punishment

Published on: 13 Jul 2017

Employees hide IT security incidents in 40 per cent of businesses across the globe to avoid punishment, according to new research.

The study, published by Kaspersky Lab, found the problem was more significant in larger businesses, affecting 45 per cent of enterprises with more than 1,000 employees. This compared with just 29 per cent of businesses employing fewer than 49 people.

Uninformed or careless employees are one of the most likely causes of a cybersecurity incident, second only to malware, with close to half (46 per cent) of IT security incidents being caused by employees each year.

Staff hiding the incidents may result in dramatic consequences for businesses, with just one unreported event potentially leading to a much larger breach.

Slava Borilin, security education programme manager at Kaspersky Lab, said: “If employees are hiding incidents, there must be a reason why.

“In some cases, companies introduce strict but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong.

“Such policies foster fears, and leave employees with only one option: to avoid punishment whatever it takes.

“If your cybersecurity culture is positive, based on an educational approach instead of a restrictive one from the top down, the results will be obvious.”