Business

Employers blame staff for cybersecurity incidents, most office workers say

Majority of staff would leave job if involved in such a situation, survey indicates

IT.ie managing director and co-founder Eamon Gallagher and Daniel Carr, account manager for Ireland at SonicWall. Some 73 per cent of office workers said employers hold staff personally responsible for cybersecurity incidents that happen in the workplace, a new study conducted on behalf of the two companies has found
IT.ie managing director and co-founder Eamon Gallagher and Daniel Carr, account manager for Ireland at SonicWall. Some 73 per cent of office workers said employers hold staff personally responsible for cybersecurity incidents that happen in the workplace, a new study conducted on behalf of the two companies has found
Fiona Keeley
Thu Jan 16 2025 - 05:00

Some 73 per cent of office workers said employers hold staff personally responsible for cybersecurity incidents that happen in the workplace, a new study has found.

The research conducted by Censuswide on behalf of IT.ie and SonicWall showed 29 per cent of respondents say at least one colleague has been fired from their position for accidentally causing a cybersecurity breach.

The research shows that businesses are under pressure due to the increasing threat of cybersecurity criminals, said Eamon Gallagher, founder and managing director of IT.ie. “However, that pressure is wrongly being felt on a personal level by employees.”

From my perspective, the survey shines a light on company culture and the need for more investment in staff training, Mr Gallagher said. “The staff are the last mile in terms of that cybersecurity landscape,” he said.

READ SOME MORE

The data says 64 per cent of those asked would either leave or consider leaving if they were involved in a cybersecurity breach.

A majority of respondents said businesses should provide support to staff who fall victim to cybersecurity attacks, with 79 per cent in favour of the move.

Cybersecurity the ‘most pressing concern for business’ ]

According to the data, one in five of those asked said they would not feel comfortable reporting any concerns they had about cybersecurity to management.

Some 1,000 people across Ireland completed the survey.

The European Union recently updated its cybersecurity laws for the bloc, from NIS (network and information systems) to NIS2. The updated laws will expand the number of businesses that have to adhere to strict cybersecurity standards.

Member states were given a deadline of October 17th, 2024, however, Ireland missed that deadline.

NIS2 places a personal onus for cybersecurity incidents on the employer rather than the employee. “It places the responsibility back on senior leaders to oversee training, security and business continuity measures that ensure that if, and when, a breach does happen, its impact is minimal,” Mr Gallagher said.

Essential businesses such as transport, banking or healthcare could face fines of €10 million or two per cent of their global annual turnover, whichever is higher. Important businesses such as post, waste management or manufacturing could be fined €7 million or 1.4 per cent of annual revenue, whichever is higher.

  • Sign up for the Business Today newsletter and get the latest business news and commentary in your inbox every weekday morning
  • Opt in to Business push alerts and have the best news, analysis and comment delivered directly to your phone
  • Join The Irish Times on WhatsApp and stay up to date
  • Our Inside Business podcast is published weekly – Find the latest episode here
Business Today

Business Today

Get the latest business news and commentary from our expert business team in your inbox every weekday morning