A research team led by faculty from Binghamton University, State University of New York, has delved into the possible connection between mass layoffs and data breaches. Their hypothesis suggests that layoffs can create circumstances where disgruntled employees, experiencing heightened stress and job insecurity, might engage in risky behaviors that could make the company more vulnerable to data breaches.
A study entitled “The Impacts of Layoffs Announcement on Cybersecurity Breaches” was presented by Binghamton faculty at the Pacific Asia Conference on Information Systems (PACIS) in Vietnam. The motivation behind the research was to explore potential retaliatory behaviors displayed by individuals affected by layoffs and the notion of seeking retribution by targeting a perceived “bad business” through cyber attacks. The study was a collaborative effort involving scholars from Vietnam National University and Liverpool John Moores University in the U.K.
Assistant Professor Thi Tran, who spearheaded the project, emphasized the cybersecurity risks that may arise when companies announce layoffs first and only later terminate the laid-off employees' access, leaving room for vengeful actions. Tran highlighted the risk posed by former employees who are privy to confidential security information, which could compromise the integrity of the system.
The research proposes that companies could mitigate the risk of data breaches resulting from layoffs by implementing proactive corporate social responsibility initiatives that emphasize ethical behavior and data security practices.
An IBM report on the Cost of Data Breach in 2023 underscored the significant financial losses associated with data breaches. It revealed that the average global cost of a data breach that year was $4.5 million, marking a 15% increase over the previous three years.
While mass layoffs are frequently reported in today’s news, little research has been done on the potential relationship between layoffs and cybersecurity within companies. Sumantra Sarkar, an associate SOM professor involved in the research, attributed this gap to the relatively recent emergence of mass layoffs as a phenomenon.
Sarkar highlighted the vulnerability of human factors in IT security chains, emphasizing that reactions to external triggers like layoffs could pose security risks originating from individuals inside the organization or vendors with internal infrastructure knowledge.
Companies may further expose themselves to risks by outsourcing IT and cybersecurity functions as a cost-cutting strategy following layoffs. Negative publicity following layoffs could also create opportunities for politically motivated hackers to exploit perceived financial instability or leadership shortcomings.
Tran emphasized the importance of managing public perception to minimize negative consequences stemming from layoffs, stating that understanding how people consume information is crucial in shaping a positive image and reducing the likelihood and impact of data breaches resulting from mass layoffs.