IT Strategy

Binghamton team looks for correlation between layoffs and data loss

Some ways to prevent data breaches are more social than technical, according to one professor.
article cover

Bill Varie/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Researchers at Binghamton University will spend much of the next school year testing a pair of workplace hypotheses:

  • Companies that announce layoffs are more likely to face a cybersecurity breach.
  • Orgs that demonstrate some concern for employee well-being, or what the professors call “corporate social responsibility,” can reduce the likelihood and severity of a breach—a difficult task when former team members are packing up their desks.

“They have to explain about their financial losses, and they have to explain about the market trends, and lots of other things, and the need to restructure the entire company, so that people understand that, ‘Hey, that is not personal,’” Binghamton professor Thi Tran told IT Brew.

According to layoffs.fyi, more than 130,400 tech workers in 398 companies have been laid off in 2024. (In 2023, layoffs in the sector reached 264,220. In 2022: 165,269.)

“Layoffs can create conditions where disgruntled employees, facing stress or job insecurity, are more inclined towards risky behaviors that heighten vulnerability to breaches,” the report, which Tran and his colleagues wrote, concluded, claiming that uneasy employees may not prioritize security best practices, and that “layoffs can lead to dissatisfied former staff members who could potentially access sensitive data or systems.”

The research group, which included professors from Vietnam National University, Liverpool John Moores University, and Texas Woman’s University, noted that existing research hasn’t closely examined the influence of workforce reductions on cybersecurity risks.

In recent years, the Department of Justice announced that disgruntled IT pros had compromised their former employers’ water facilities, financial companies, and high schools.

“There’s a truth that I think we collectively accept, which is whether budgets are reducing or layoffs or any economic pressure on an organization…any exertion of any pressure of that type actually can increase cyber risk,” Harold Rivas, CISO at cybersecurity company Trellix, told IT Brew. “As budgets go down, risk goes up.”

According to the academic report, published in July 2024, “collaborative efforts with employees, their families, the local community, and society as a whole, with the aim of enhancing overall quality of life”—also known as “corporate social responsibility”—has a mitigating impact on breaches and their severity. The more that a company can create a feeling of family, the better, Tran said—since many pros will want to protect a group they feel a close bond with.

Intel, which announced a 15% employee reduction on August 1, this week reportedly offered its employees in Ireland voluntary severance packages equaling up to €500,000—an effort that Tran appreciates.

“That is a very good message, because it also says something like, ‘Hey, I will try to minimize the impact on your life,” Tran said.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B