A recent study explores companies’ responses when an employee falls for hacking. Turns out, shaming doesn’t work.

When an employee causes a cybersecurity breach, company leaders may want to single out that employee by “blaming and shaming.” The intent is to prevent future breaches, but the results can be devastating, as the author explains:

“Shame is similar to a boomerang that will come back to hurt the organization, as well as harming the employee. Managers should deal with the mistake, but not reject the employee. If employees feel that their personhood is being attacked, they will respond defensively. Shaming results in a lose-lose outcome.”

I can’t think of a situation when blaming and shaming works. In the case of a hack, the employee already feels bad and won’t likely make the same mistake. Instead of causing disloyalty, leaders might try demonstrating compassion.

Image source.