Is Employee Happiness Affecting Cybersecurity?

Last updated by UpGuard on September 5, 2018

Glassdoor's 2016 Employees' Choice Awards Highest Rated CEO List includes household names like Marc Beniof, Mark Zuckerberg, and Tim Cook—CEOs of companies that also score high marks for strong security. Is there any correlation between a company's cyber risk profile and its CEO employee approval rating?

Of course, a myriad of elements ultimately make up a firm's cyber risk profile—for example, size and industry, to name a few. UpGuard's Cyber Security Threat Assessment Report (CSTAR) uses external risk parameters (e.g., industry trends and peer environments) alongside key internal parameters—the organization's size, infrastructure data, asset configurations, and exposures—to accurately quantify the collective vulnerability of every server, network device, and cloud service to the risk of breaches. 

One element in particular—Glassdoor's Employee CEO approval rating—is a critical measure used by UpGuard to calculate CSTAR scores. Let's revisit the aforementioned top-rated Glassdoor CEOs and their respective companies to understand why.

A quick UpGuard risk assessment reveals the following:

score_ben.jpg
score_cook-1.jpg
score_zuck.jpg

CSTAR scores for Salesforce.com, Apple, and Facebook.

Note the strong CEO approval ratings coupled with strong website perimeter and email security controls to boot. But what about Glassdoor's worst performers, that is—companies that score the lowest when it comes to CEO employee approval?

Let's take a look at three from the bottom of the barrel—Dillard's, Forever 21, and HTC. We gauged their cyber risk with UpGuard's risk assessment platform:

score_dillards.jpg
score_for21.jpg
score_htc-5.jpg

CSTAR scores for Dillard's, Forever 21, and HTC.

Low employee approval ratings for all three CEOs, and for each respective company—correspondingly bad email and website perimeter security. Each firm housed a myriad of security risks, including missing sitewide SSL, leakage of sensitive data, and lack of DMARC and DNSSEC, among others.

Security As an Indicator of Strong Corporate Culture

For HTC, its most devastating blow to-date was not a cyberattack, but a case of corporate espionage: in 2013, the company's VP of Product Design, R&D Director, and Senior Manager of Design and Innovation were arrested for selling key intellectual property to a rival Chinese handset manufacturer. HTC's share prices plummeted following the announcement; 5 employees were eventually indicted for leaking company secrets, falsifying expense reports, and taking kickbacks.

Again, many factors come into play when determining an organization's cyber risk profile. That said, CEO approval rating is often an accurate barometer for a company's internal state of affairs, including matters related to infrastructure security. As the old adage goes, corporate culture is top-down. Bad thinking from leadership breeds similar mindsets amongst managers and workers. Furthermore, a firm that harbors disdain for its leadership is less likely to maintain a culture of strong security—for employees or customers.

How does UpGuard help IT Security?