The research is detailed in Harvard Business Review by Clay Posey, an associate professor of information systems in the Marriott School of Business at Brigham Young University and chief research scientist at Beyond Layer 7, and Mindy Shoss, an associate professor of psychology at the University of Central Florida.
The pair asked more than 330 remote employees from a diverse range of industries to self-report on both their daily stress levels and their adherence to cyber security policies over the course of two weeks.
In addition, they conducted a series of in-depth interviews with 36 professionals who were forced to work remotely due to the pandemic; this was done to gain a better understanding of how the transition to work-from-home has impacted cyber security.
“We found that across our sample, adherence to security conventions was intermittent. During the 10 workdays we studied, 67% of the participants reported failing to fully adhere to cyber security policies at least once, with an average failure-to-comply rate of once out of every 20 job tasks,” the researchers said.
“We also found that people were substantially more likely to knowingly break security protocols on days when they reported experiencing more stress, suggesting that being more stressed out reduced their tolerance for following rules that got in the way of doing their jobs,” the researchers said.
“Common sources of stress included family demands that conflicted with work, job security fears, and ironically, the demands of the cyber security policies themselves.”
According to the research, people were more likely to violate procedures when they worried that following them would hinder productivity, require extra time or energy, mean doing their jobs in a different way, or make them feel like they were constantly being monitored.
