A groundbreaking study led by Binghamton University suggests a link between mass layoffs and heightened data breach risks, highlighting the importance of corporate social responsibility and data security measures.
A pioneering study led by Binghamton University explores the potential connection between mass layoffs and increased data breaches, offering crucial insights for corporate security strategies. The study suggests that layoffs may create an environment where disgruntled employees are more prone to risky behaviors, potentially leading to significant cybersecurity vulnerabilities.
The research, titled “The Impacts of Layoffs Announcement on Cybersecurity Breaches,” was presented at the Pacific Asia Conference on Information Systems (PACIS) in Vietnam. The study investigates the revenge-driven behavior of laid-off employees and their motives to “punish” their former employers through hacking.
“Some companies try to be nice by announcing layoffs first, terminating access to the laid-off employees later, but that can easily open the door to cybersecurity risks — especially if the laid-off employee is feeling vengeful,” the study’s lead author Thi Tran, an assistant professor of management information systems at the Binghamton University School of Management, said in a news release. “Because they used to be an employee, they have confidential information about security layers that can be bypassed. The more they know about the system, the worse it could be.”
The study emphasizes that companies can mitigate these risks by implementing corporate social responsibility (CSR) initiatives focused on ethical conduct and robust data security during layoffs. This proactive approach could significantly reduce the likelihood of data breaches stemming from such situations.
Supporting these findings, the IBM Cost of Data Breach report in 2023 highlighted the significant financial impact of data breaches, with the global average cost reaching $4.5 million — a 15% increase over the previous three years.
Despite frequent headlines about mass layoffs, the research aims to fill the gap in understanding the potential cybersecurity implications. Sumantra Sarkar, an associate professor at the School of Management at Binghamton University, noted the evolution of layoffs in the modern workforce.
“In the old days, industries were more manual-oriented, and you could not replace people with the click of a button, but in the current information technology world, you hire people by the thousands, and you can lay off people much the same way. This opens the door for our research because humans are statistically the weakest link of the IT security chain,” Sarkar said in the news release.
“People react to triggers in their environment, such as layoffs, and that’s why security problems often come from the people either inside the organization or vendors with inside knowledge of the infrastructure,” he added.
Moreover, outsourcing IT and cybersecurity tasks as a cost-cutting measure in response to layoffs could further expose companies to vulnerabilities. Negative publicity following layoffs may also signal financial instability or poor leadership, attracting politically motivated hackers.
“When people hear about layoffs, it’s going to be viewed as something bad that can happen to them or anyone else in society,” added Tran. “So, if you’re in tune with how people consume information, you want to do whatever you can to build a good picture in the public’s mind to minimize negative consequences. We’re looking at not only the probability of something like data breaches resulting from mass layoffs happening but the severity if something like that actually does happen.”
This groundbreaking research underscores the importance of foresight and ethical management practices in maintaining cybersecurity in the face of workforce reductions. As companies navigate the complexities of modern employment, taking a proactive stance on data security could be key to safeguarding their digital infrastructure.