Summary
Now that phishing simulations are common, security teams debate whether to punish employees who fail them, as well as those who fail cybersecurity quizzes or fall victim to scams such as business email compromise. This punishment ranges from extreme sanctions such as disciplining or terminating the offenders or victims to less severe forms including forcing employees to sit through more training. While the latter may sound OK, employees disagree, with one remarking: “Get a red-hot poker and open up my eyes, it’s so boring.” This report details why punishing employees is a decidedly bad idea and explains how to nurture the better behavior that fosters a lasting and positive security culture.