Project summary

Cybercrime (including data breaches) costs the world about $6 trillion annually, and COVID-19 (with increased virtual working) has seemingly accelerated the frequency and the negative impact of data breaches in organizations. It is critical to minimize data breaches to promote productivity.

Supported by Arts Access Australia (AAA) and CyberCX, our proposal will establish the patterns and extent of data breaches in virtual workspaces while exploring their impact on employees’ productivity. A co-designed cyber training intervention from this project should deepen employers’ and employees’ understanding of how to minimize the risk of data breaches to promote organizational productivity.

Project description


Australia recorded over 910 data breaches (i.e., loss of or unauthorized access to personal and sensitive information) in the first half of 2021. Criminal attacks were the leading source of the breaches, and attackers such as Conti often received over $32.8 million as ransom. Also, customer lawsuits are increasingly linked with organizational loss of private/sensitive information. These incidents have adverse effects on organizations’ bottom line.

Additionally, COVID-19 has accelerated virtual working, which appears to be in tandem with the frequency/intensity of data breaches (Noida, 2020). Studies (e.g., Ayyagari, 2014) show that data breaches occur not only because cyber criminals are more ferocious, but also due to human factors of cybercrime (Leukfeldt & Holt, 2020) and the absence of a capable guardian (see routine activity theory, Cohen and Felson, 1979). This means that the non-implementation and non-enforcement of security policies in organizations is a major culprit in data breaches. So far, research has focused on the technical aspects of data breaches while the human factors are ignored. Yet humans use the computers (the platform for data breaches), humans commit data breaches, and the consequences fall on humans. We propose that human factors on the victims’ side (i.e., employees’ poor cyber security skills and compliance behaviours), as part of lower self-control abilities (Weijer, 2020), may increase the risk of data breaches, and that this risk is complicated by hybrid work.

While studies (e.g., Manworren, Letwat, & Daily, 2016) have focused on the impact of data breaches on organizations’ bottom line and litigation from customers, research on the impact of data breaches on employees’ privacy and productivity/wellbeing is limited. Yet we know that employees are an organization’s internal stakeholders and are likely to react to organizational crises (e.g., data breaches) with fear, shock, and depression (Ayoko, Ang & Parry, 2017). Our proposal is crucial in understanding risk reduction for data breaches in virtual workspaces.

Research Questions: (1) What are the nature and patterns of data breaches and their connection with employees’ cyber security compliance behaviours in virtual workspaces? (2) What is the impact of data breaches on employees’ productivity and wellbeing, and how can the risk be minimized?


Our aim is to identify the nature and patterns of data breaches and employee (non)compliance cyber security behaviors, not to calculate them. First, through the OAIC, we will content-analyse data from 20 organisations with recent data breaches to determine the nature/patterns of data breaches and employees’ incorrect behaviours (e.g., misuse of security measures to protect personal information) in virtual workspaces. Second, 10 in-depth interviews with IT managers will be conducted for more insights into data breaches and employees’ incorrect behaviors. Finally, we will integrate outcomes of the interview/content analysis to adapt the online survey on identity crime (McAlister & Franks, 2021) to measure data breaches and incorrect behaviors, while employing existing measures to capture employee wellbeing/productivity from 250 employees across organisations including AAA and CyberCX and their network. Hayes’ mediation-moderation bootstrapping techniques (see Hayes, 2017) will be used to test the link between hybrid work, data breaches and employee wellbeing. We will collect data from AAA, CyberCX and other Australian organizations that have reported data breaches.


We propose a mixed-method approach based on the organisational behaviour and cyber security literatures to address our RQs. The project is innovative in co-designing a cyber risk management training intervention to correct behaviors and minimise the risk of data breaches.


Partner organization(s)


Project members

Lead investigator:

Associate Professor Remi Ayoko

Associate Professor
School of Business

Other investigator(s):

Professor Ryan Ko

Chair & Director - Cyber Security
School of Electrical Engineering and Computer Science

Dr Momo Kromah

Lecturer in Management - CT
School of Business

Dr Hai Luong

Research Fellow in Cyber-criminology
School of Social Science