Is Employee Happiness Affecting Cybersecurity?

Posted by UpGuard

Cybersecurity and Top Down Corporate Culture

Glassdoor's 2016 Employees' Choice Awards Highest Rated CEO List includes household names like Marc Beniof, Mark Zuckerberg, and Tim Cook—CEOs of companies that also score high marks for strong security. Is there any correlation between a company's cyber risk profile and its CEO employee approval rating?

Of course, a myriad of elements ultimately make up a firm's cyber risk profile—for example, size and industry, to name a few. UpGuard's Cyber Security Threat Assessment Report (CSTAR) uses external risk parameters (e.g., industry trends and peer environments) alongside key internal parameters—the organization's size, infrastructure data, asset configurations, and exposures—to accurately quantify the collective vulnerability of every server, network device, and cloud service to the risk of breaches. 

Download the eBook

One element in particular—Glassdoor's Employee CEO approval rating—is a critical measure used by UpGuard to calculate CSTAR scores. Let's revisit the aforementioned top-rated Glassdoor CEOs and their respective companies to understand why.

A quick UpGuard risk assessment reveals the following:

score_ben.jpg score_cook-1.jpg score_zuck.jpg

CSTAR scores for Salesforce.com, Apple, and Facebook.

Note the strong CEO approval ratings coupled with strong website perimeter and email security controls to boot. But what about Glassdoor's worst performers, that is—companies that score the lowest when it comes to CEO employee approval?

Let's take a look at three from the bottom of the barrel—Dillard's, Forever 21, and HTC. We gauged their cyber risk with UpGuard's risk assessment platform:

score_dillards.jpg score_for21.jpg score_htc-5.jpg

CSTAR scores for Dillard's, Forever 21, and HTC.

Low employee approval ratings for all three CEOs, and for each respective company—correspondingly bad email and website perimeter security. Each firm housed a myriad of security risks, including missing sitewide SSL, leakage of sensitive data, and lack of DMARC and DNSSEC, among others.

Security As an Indicator of Strong Corporate Culture

For HTC, its most devastating blow to-date was not a cyberattack, but a case of corporate espionage: in 2013, the company's VP of Product Design, R&D Director, and Senior Manager of Design and Innovation were arrested for selling key intellectual property to a rival Chinese handset manufacturer. HTC's share prices plummeted following the announcement; 5 employees were eventually indicted for leaking company secrets, falsifying expense reports, and taking kickbacks.

Again, many factors come into play when determining an organization's cyber risk profile. That said, CEO approval rating is often an accurate barometer for a company's internal state of affairs, including matters related to infrastructure security. As the old adage goes, corporate culture is top-down. Bad thinking from leadership breeds similar mindsets amongst managers and workers. Furthermore, a firm that harbors disdain for its leadership is less likely to maintain a culture of strong security—for employees or customers.

How does UpGuard help IT Security?

 

More Articles

The Amex Partner Data Breach and Downstream Liability

If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself.
Read Article >

The Nightmare Scenario: When Your Security Provider Becomes a Security Problem

You’ve spent months with your team designing your company’s security strategy-- you’ve demoed and chosen vendors, spent money, and assured your users that this investment will pay off by keeping their business safe.
Read Article >

Top Retailers Who Should Know Better

The following is a list of 11 online retailers who really should know better when it comes to security.
Read Article >

Topics: vulnerabilities, cybersecurity, data breach

UpGuard Customers