DataBreaches.Net


Insider Threat Research by Binghamton University: Are mass layoffs and data breaches connected?

Posted on July 11, 2024 by Dissent

Binghamton University press release by Anthony Borrelli:

The WARN notice gets filed, and among the hundreds of workers who will get the proverbial pink slip, one spiteful ex-employee performs a hack that triggers a massive leak of confidential data ranging from bank account information to social security numbers.

It sounds like the trappings of a plot out of your favorite crime drama, right?

In reality, a 2022 survey of 722 chief financial officers conducted by PricewaterhouseCoopers found company executives ranked cyber-attacks as a top risk faced by businesses, even as they continue to adopt safeguards.

A research team led by faculty from Binghamton University’s School of Management (SOM) in collaboration with scholars on two continents — including Vietnam National University and Liverpool John Moores University in the U.K. — has been exploring how mass layoffs and data breaches could be connected. Their theory: since layoffs create conditions where disgruntled employees face added stress or job insecurity, they are more likely to engage in risky behaviors that heighten the company’s vulnerability to data breaches.

The research, outlined in a paper titled “The Impacts of Layoffs Announcement on Cybersecurity Breaches,” was presented by Binghamton faculty at the Pacific Asia Conference on Information Systems (PACIS) in Vietnam in early July. The study’s motivation was to explore the revenge-type behavior of people affected by layoffs and the social justice aspect of people seeking to “punish” a seemingly “bad business” through hacking.

“Some companies try to be nice by announcing layoffs first, terminating access to the laid-off employees later, but that can easily open the door to cybersecurity risks—especially if the laid-off employee is feeling vengeful,” said Assistant Professor Thi Tran, who is leading the project and presented the paper at PACIS.

“Because they used to be an employee, they have confidential information about security layers that can be bypassed,” he added. “The more they know about the system, the worse it could be.”

In the study, researchers propose that if companies were more proactive with corporate social responsibility initiatives that emphasize ethical conduct and data security during layoffs, they could reduce the risk of data breaches arising from those situations.

An IBM Cost of Data Breach report in 2023 revealed the significance of losses posed by data breaches. The report stated the global average cost of a data breach that year was $4.5 million, a 15% increase from the previous three years.

While announcements about mass layoffs are not uncommon among today’s headlines, there has been little research related to the possible connection between them and cybersecurity for those companies. This is primarily because the concept of mass layoffs is a relatively recent phenomenon, said Sumantra Sarkar, an associate SOM professor who is helping conduct the research.

“In the old days, industries were more manual-oriented, and you could not replace people with the click of a button, but in the current information technology world, you hire people by the thousands, and you can lay off people much the same way. This opens the door for our research because humans are statistically the weakest link of the IT security chain,” Sarkar said.

“People react to triggers in their environment, such as layoffs,” he added, “and that’s why security problems often come from the people either inside the organization or vendors with inside knowledge of the infrastructure.”

The researchers said companies could also leave themselves vulnerable, apart from using outdated security systems, by outsourcing IT and cybersecurity tasks as a cost-cutting measure in response to layoffs.

In addition, negative publicity that tends to follow layoffs could lead people to infer the company had been suffering from financial problems or poor leadership, which could create an opportunity for hackers with political motivations to take advantage.

“When people hear about layoffs, it’s going to be viewed as something bad that can happen to them or anyone else in society. So, if you’re in tune with how people consume information, you want to do whatever you can to build a good picture in the public’s mind to minimize negative consequences,” Tran said. “We’re looking at not only the probability of something like data breaches resulting from mass layoffs happening but the severity if something like that actually does happen.”

Category: Commentaries and Analyses, Insider