Nearly three-quarters of Irish office workers believe their employer holds staff personally responsible for cybersecurity incidents in the workplace.

Research from IT managed services company IT.ie, conducted in partnership with SonicWall, shows 73% of office workers think their employer holds staff responsible for cybersecurity breaches either through disciplinary action or unfavourable treatment.

Three in 10 workers reported that at least one person in their company has been fired for accidentally causing a breach in the last 12 months.

A total of 1,000 office workers were surveyed by Censuswide for the research, which also found that 38% believe their company 'always’ holds employees responsible for cybersecurity incidents, while 35% said they do so ‘sometimes’.

As a result, half (50%) of office workers feel stressed about cybersecurity in their job despite 60% believing that employees are not to blame for unintentional breaches and incidents.

The personal toll of causing a cybersecurity breach is so great that almost two-thirds (64%) of office workers said they would leave, or consider leaving, their job if they were to cause a breach.

Meanwhile, 79% advocate for organisations providing mental health support to those who fall victim to cybersecurity attacks.

The research found that many do not feel comfortable reporting cybersecurity concerns to the relevant people.

More than a third (36%) of those surveyed admitted that they have neglected to report a breach in the last 12 months, with the top reason for this cited as embarrassment, followed by fear of repercussions.

Further highlighting a culture of silence, one-in-five said they would not be comfortable reporting a concern to upper management.

“This research shows that businesses are, understandably, under enormous pressure due to the growing threat posed by cybercriminals. However, that pressure is wrongly being felt on a personal level by employees," said Eamon Gallagher, founder and managing director of IT.ie.

"While it is on all of us to be vigilant, the average office worker is not a cybersecurity expert; the onus is on business and IT leaders to ensure they have taken every step possible to safeguard their business and people.

“Stringent cybersecurity measures will become legally binding for EU organisations who fall under the NIS2 directive later this year. It places the responsibility back on senior leaders to oversee training, security and business continuity measures that ensure that if, and when, a breach does happen, its impact is minimal."

Stuart Taylor, regional director for northern Europe at Sonicwall, said: "Blaming individuals for breaches not only fails to address the root causes of cyber incidents but also creates an environment of fear that can restrict transparency.

"It's important for organisations to build a positive atmosphere where employees feel empowered to report concerns without the fear of repercussions. As cyber threats evolve, so must our approaches to security—prioritising collective responsibility and proactive measures over a culture of blame."

Photo: (l-r) Eamon Gallagher and Daniel Carr, territory account manager for Ireland, SonicWall. (Pic: Supplied)