UpGuard Blog

Is Employee Happiness Affecting Cybersecurity?

Written by UpGuard | Jun 15, 2016 2:00:00 PM

Glassdoor's 2016 Employees' Choice Awards Highest Rated CEO List includes household names like Marc Beniof, Mark Zuckerberg, and Tim Cook—CEOs of companies that also score high marks for strong security. Is there any correlation between a company's cyber risk profile and its CEO employee approval rating?

Of course, a myriad of elements ultimately make up a firm's cyber risk profile—for example, size and industry, to name a few. UpGuard's Cyber Security Threat Assessment Report (CSTAR) uses external risk parameters (e.g., industry trends and peer environments) alongside key internal parameters—the organization's size, infrastructure data, asset configurations, and exposures—to accurately quantify the collective vulnerability of every server, network device, and cloud service to the risk of breaches. 

One element in particular—Glassdoor's Employee CEO approval rating—is a critical measure used by UpGuard to calculate CSTAR scores. Let's revisit the aforementioned top-rated Glassdoor CEOs and their respective companies to understand why.

A quick UpGuard risk assessment reveals the following:

CSTAR scores for Salesforce.com, Apple, and Facebook.

Note the strong CEO approval ratings coupled with strong website perimeter and email security controls to boot. But what about Glassdoor's worst performers, that is—companies that score the lowest when it comes to CEO employee approval?

Let's take a look at three from the bottom of the barrel—Dillard's, Forever 21, and HTC. We gauged their cyber risk with UpGuard's risk assessment platform:

CSTAR scores for Dillard's, Forever 21, and HTC.

Low employee approval ratings for all three CEOs, and for each respective company—correspondingly bad email and website perimeter security. Each firm housed a myriad of security risks, including missing sitewide SSL, leakage of sensitive data, and lack of DMARC and DNSSEC, among others.

Related Blog:

ATM Skimming and The Future of External Threats

A routine fill-up at the local gas station or ATM withdrawal might cost you dearly these days. With the recent surge in ATM and gas pump skimming attacks, you certainly wouldn't be alone—in fact, the odds are one in three that you'll fall victim to identity theft once your financial data is swiped. Is there any hope in an increasingly hostile landscape rife with external threats?

Security As an Indicator of Strong Corporate Culture

For HTC, its most devastating blow to-date was not a cyberattack, but a case of corporate espionage: in 2013, the company's VP of Product Design, R&D Director, and Senior Manager of Design and Innovation were arrested for selling key intellectual property to a rival Chinese handset manufacturer. HTC's share prices plummeted following the announcement; 5 employees were eventually indicted for leaking company secrets, falsifying expense reports, and taking kickbacks.

Again, many factors come into play when determining an organization's cyber risk profile. That said, CEO approval rating is often an accurate barometer for a company's internal state of affairs, including matters related to infrastructure security. As the old adage goes, corporate culture is top-down. Bad thinking from leadership breeds similar mindsets amongst managers and workers. Furthermore, a firm that harbors disdain for its leadership is less likely to maintain a culture of strong security—for employees or customers.


More Articles

Inside Microsoft’s Open Source And DevOps Initiatives For The Enterprise UpGuard 101: Verifying Windows Groups Top Retailers Who Should Know Better

The Amex Partner Data Breach and Downstream Liability

If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself.
Read Article >

The Nightmare Scenario: When Your Security Provider Becomes a Security Problem

You’ve spent months with your team designing your company’s security strategy-- you’ve demoed and chosen vendors, spent money, and assured your users that this investment will pay off by keeping their business safe.
Read Article >

Top Retailers Who Should Know Better

The following is a list of 11 online retailers who really should know better when it comes to security.
Read Article >