Balancing security and productivity: has cyber security culture gone too far?

Published: Tuesday, 18 June 2019 07:57

A new academic paper takes a look at cyber security cultures within businesses and asks whether increasing restrictions are having damaging impacts on productivity.

‘Cybersecurity and productivity: has a cybersecurity culture gone too far?’ by George M. Aiken from the University of Central Florida was published by the American Society of Business and Behavioral Sciences.


Since the mid-1980 the Advanced Research Product Agency Network, also known as the ARPANET, the predecessor of today’s Internet, has been subject to various network intrusions, both from internal and external sources. The intrusions, initially software applications such as viruses, trojans, and other malicious devices, has expanded into what is known today as network penetrations, electronic mail spoofing, shoulder surfing, insider threats, phishing, and social engineering. To combat this, entities have implemented a cybersecurity culture that includes cybersecurity access control, auditing and accounting systems, business continuity plans, physical security, senior management buy-in, and training. Many entity personnel subjected to this culture are beginning to complain that implementing a cybersecurity culture will, either now or in the future, have a negative effect whereas there is a possibility of a point of productivity diminishing return. The paper explains the concepts of a cybersecurity culture, explores the concept of a negative productivity impact that culture has on an entity, and presents a future research hypothesis that explore a point of negative productivity return in the future as the results of a cybersecurity culture.

Read the paper.