Underpaid Employees Are a Cybersecurity Risk

Photograph by George Frey/Bloomberg

Cybersecurity breaches such as those at Target, Home Depot, and JPMorgan Chase are expensive and embarrassing. While attacks may come from outside hackers, the FBI recently issued a warning that internal hacking from current and former employees poses the biggest threat—and is on the rise. The FBI recommends companies take additional security precautions such as changing their passwords more often. There may be a simpler way: Pay employees more to keep them from becoming disgruntled in the first place.

The rise in employee hacking is just a new wrinkle in the ever-present epidemic of employee theft. Studies have documented the many reasons why employees steal: personal predisposition, economic need, workplace culture, or often a misguided sense of fairness. According to Queens University business professors Liane Greenberg and Julian Barling (PDF), workers often steal when they feel their employment relationship is unfair. They might see stealing as justified because it restores moral order. That attitude is most common when employees consider themselves underpaid, and Greenberg and Barling cite studies that show employee theft increased when pay was cut with no explanation.

The difference now is that companies are more vulnerable to technology. The FBI reports an increase in investigations related to disgruntled current and former employees who destroy data or steal customer information and proprietary software. Some use the data to gain a competitive edge in their next job. There are even cases of former employees attempting to extort money by holding company websites hostage.

Like other kinds of stealing, data theft may stem from low morale. According to the 2013 Gallup State of the American Workplace report, 70 percent of workers are either not engaged or actively disengaged with their jobs. Stagnating wages and record company profits can also breed resentment. A recent survey on global engagement from Aon Hewitt (PDF) says pay is becoming increasingly critical to morale. It now ranks third behind future opportunities and firm reputation. Aon Hewitt argues that stagnant or falling wages pushed pay near the top of workers’ concerns.

Few disgruntled employees take out their frustration by breaking the law. But if cybersecurity threats from within are a problem, companies shouldn’t simply increase security but also must consider what they can do to raise morale. The Hewitt survey shows few things are as effective as higher pay. Compared to the FBI’s claim that security breaches have cost some businesses as much as $3 million, couldn’t paying workers more be cost-effective?

    Before it's here, it's on the Bloomberg Terminal.