Stressful work environments don’t just erode morale, they can quietly undermine cybersecurity. When employees feel overworked, unsupported, or mistreated, their judgment and decision-making suffer.

“From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and higher turnover rates,” said Rob Lee, Chief of Research and Head of Faculty at SANS Institute.

According to CyberArk, 65% of office workers admit they’ve bypassed cybersecurity policies to stay productive. Frustration and anger can also drive impulsive behavior, including actions that intentionally or unintentionally put company systems at risk.

The high price of stress

When getting things done quickly matters more than following the rules, employees might:

• Share passwords just to keep things moving.
• Ignore updates because they feel like a hassle.
• Fall for phishing attempts, as stressful environments make us more likely to overlook red flags and click on suspicious links.

Toxic workplaces also lead to high turnover, and replacing employees can be expensive, with costs for recruitment, training, and lost productivity. This turnover can also create security risks if employees aren’t offboarded properly, especially if it happens suddenly and in large numbers, meaning one problem leads to another.

How to approach this problem

Anonymous pulse surveys

HR can distribute short, anonymous surveys to gauge employees’ comfort with raising concerns, reporting mistakes, or discussing security risks. Key questions can focus on whether team members feel safe speaking up without fear of judgment or retaliation.

Tracking stress signals and engagement

By monitoring key metrics such as engagement, absenteeism, turnover, and other signs of stress or disengagement, HR could potentially identify patterns that indicate rising stress levels among employees. This early detection may help organizations intervene before stress leads to risky behaviors, including security lapses or breaches.

Leadership’s role in cybersecurity

Leaders who understand how to manage stress and support their teams with empathy are better equipped to balance deadlines with security priorities. By setting an example and prioritizing security, even during high-pressure periods, they encourage teams to follow suit, reducing the risk of shortcuts that could compromise safety.

Training and awareness programs

Phishing simulations: Test employees with fake phishing emails to help them identify common scams. While the employee may not always show visible signs of stress, these simulations can reveal how stress or urgency in real work situations might cause someone to overlook red flags.

Case studies and role-playing: Employees can practice making security decisions in high-pressure situations. For example, they might be put in a scenario where they need to decide quickly whether to share a password or skip a security update, helping them see the risks of making quick decisions under stress.

Real-life incident reviews: Analyzing actual incidents of security breaches within the company or from the industry allows employees to see the consequences of real mistakes.