Impact Photography - stock.adobe

Poor digital experience a blocker for cyber resilience

Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds

Organisations that neglect the so-called digital employee experience (DEX) are exposing themselves to a litany of risk, from employees quitting out of frustration, to increased levels of cyber threat, particularly from insiders, an Ivanti report has revealed.

The report, New imperatives for digital employee experience, details how technology increasingly drives employee satisfaction, retention and productivity, and is based on data collected from 7,800 people, including 6,000 office workers, 1,200 cyber security professionals, and 600 senior executives. Data was drawn from respondents in Australia, France, Germany, Japan, the UK and the US, with about 17% of respondents UK-based.

It revealed the extent to which inadequate DEX practices are causing more than just technology problems for knowledge workers.

Among other things, it found 57% of people report serious friction at least weekly while trying to use workplace technology, 17% have either quit due to poor technology or would consider doing so (34% among the Generation Z cohort), and 61% say having a bad experience with technology has a negative impact on morale.

Moreover, IT pros tasked with implementing DEX weren’t reaping the benefits of it. The majority of IT pros still work remotely and want to continue to do so at least part-time, but are significantly more likely to experience problems when doing so, including being overburdened by logins and notifications, and a surfeit of tools. A significant minority also felt they didn’t have enough visibility into what applications others were using in the workplace.

“Organisations globally are grappling with how to optimize DEX for the entire workforce,” said Ivanti CEO Jeff Abbott.

“Best-in-class organisations view DEX as a powerful tool to improve accessibility, employee retention and the security of their organisation. However, with the rapid progress of AI and automation, the real DEX opportunity is for organisations to enhance employee productivity, speed, and value creation with the best possible IT solution platform.”

Writing in the report’s preamble, Sabine VanderLinden, CEO and managing partner of Alchemy Crew, a specialist in de-risking the insurance sector, said: “Defining DEX is a journey, not a destination. We’ve understood it to be the totality of digital touchpoints and employee encounters, but its implications are vast.

“Despite acknowledging DEX’s significance, a mere 56% of organisations have ramped up their DEX-specific budgets in 2023. This reveals an alarming dichotomy: while many concede its importance, few adequately invest in its optimisation.

“The essence of DEX transcends device health checks. An evolving paradigm witnesses DEX as an all-encompassing organisational ethos,” said VanderLinden. “It’s about crafting enriching digital journeys, buttressing organisational security, and more profoundly, leveraging technology to avert issues proactively.”

Extrapolated for cyber security professionals, the implications of the report’s findings are clear, since it has long been known that unhappy and stressed employees are a key driver of insider risk.

As such, failing to prioritise DEX could lead to people making mistakes that let threat actors into the network, such as clicking on links that are clearly malicious, or falling for a business email compromise (BEC) scammer impersonating an executive. In extreme circumstances, a particularly disgruntled individual could even leak vital data themselves, or hand it over to a competitor when they resign.

This aligns with the findings of another recent report compiled by analysts at the Ponemon Institute, working with insider risk specialist DTEX.

In their study, the Ponemon Institute and DTEX found that the costs of containing and remediating cyber incidents arising from insider risk are growing, as is the time needed to recover from them. It also found that while security and c-suite leaders recognise that they need to do more about this (and many plan to) at present, organisations are not directing nearly enough of their security budgets to address the issue, preferring instead to spend lavishly on high-profile threats even though most breaches begin through insiders.

Misalignment on AI

The Ivanti report also revealed that 63% of IT workers and 44% of office workers were concerned that they would lose their jobs to artificial intelligence (AI) within the next five years.

IT staffers appear to feel particularly conflicted about AI – they tend to believe that the benefits of the technology will accrue more to employers than employees, with just 7% seeing a net benefit to employees. At the same time, they were also excited about the potential for AI to automate the more mundane aspects of their work.

And at the top of the organisations it surveyed, Ivanti found evidence of a clear misalignment between bosses and workers.

“Executives are excited to figure out how generative AI can transform their organisations and boost productivity, but the team that will execute this transformation isn’t fully on board,” observed Ivanti CIO Bob Grazioli.

“IT leaders who aren’t actively addressing their employees’ fears when it comes to AI are doing their already stressed teams a disservice.”

But AI could also hold at least part of the solution to the DEX conundrum. The report found there seemed to be some appetite to exploit the nascent technology to diagnose and solve technology problems before they impact the user or business – which would also have the added benefit of alleviating some of the stresses on IT and security teams.

From a cyber perspective, these self-healing systems, which are being increasingly used among 52% of organisations that responded to Ivanti’s survey, could automate security hygiene configurations, such as firewall compliance, antivirus protection and disk encryption, and minimise service interruptions should an event occur.

Read more about risk management

Read more on IT risk management