Poor digital experience a blocker for cyber resilience

Organisations that neglect the so-called digital employee experience (DEX) are exposing themselves to a litany of risk, from employees quitting out of frustration, to increased levels of cyber threat, particularly from insiders, an Ivanti report has revealed.

The report, New imperatives for digital employee experience, details how technology increasingly drives employee satisfaction, retention and productivity, and is based on data collected from 7,800 people, including 6,000 office workers, 1,200 cyber security professionals, and 600 senior executives. Data was drawn from respondents in Australia, France, Germany, Japan, the UK and the US, with about 17% of respondents UK-based.

It revealed the extent to which inadequate DEX practices are causing more than just technology problems for knowledge workers.

Among other things, it found 57% of people report serious friction at least weekly while trying to use workplace technology, 17% have either quit due to poor technology or would consider doing so (34% among the Generation Z cohort), and 61% say having a bad experience with technology has a negative impact on morale.

Moreover, IT pros tasked with implementing DEX weren’t reaping the benefits of it. The majority of IT pros still work remotely and want to continue to do so at least part-time, but are significantly more likely to experience problems when doing so, including being overburdened by logins and notifications, and a surfeit of tools. A significant minority also felt they didn’t have enough visibility into what applications others were using in the workplace.

“Organisations globally are grappling with how to optimize DEX for the entire workforce,” said Ivanti CEO Jeff Abbott.

“Best-in-class organisations view DEX as a powerful tool to improve accessibility, employee retention and the security of their organisation. However, with the rapid progress of AI and automation, the real DEX opportunity is for organisations to enhance employee productivity, speed, and value creation with the best possible IT solution platform.”

Writing in the report’s preamble, Sabine VanderLinden, CEO and managing partner of Alchemy Crew, a specialist in de-risking the insurance sector, said: “Defining DEX is a journey, not a destination. We’ve understood it to be the totality of digital touchpoints and employee encounters, but its implications are vast.

“Despite acknowledging DEX’s significance, a mere 56% of organisations have ramped up their DEX-specific budgets in 2023. This reveals an alarming dichotomy: while many concede its importance, few adequately invest in its optimisation.

“The essence of DEX transcends device health checks. An evolving paradigm witnesses DEX as an all-encompassing organisational ethos,” said VanderLinden. “It’s about crafting enriching digital journeys, buttressing organisational security, and more profoundly, leveraging technology to avert issues proactively.”

Extrapolated for cyber security professionals, the implications of the report’s findings are clear, since it has long been known that unhappy and stressed employees are a key driver of insider risk.

As such, failing to prioritise DEX could lead to people making mistakes that let threat actors into the network, such as clicking on links that are clearly malicious, or falling for a business email compromise (BEC) scammer impersonating an executive. In extreme circumstances, a particularly disgruntled individual could even leak vital data themselves, or hand it over to a competitor when they resign.

This aligns with the findings of another recent report compiled by analysts at the Ponemon Institute, working with insider risk specialist DTEX.

In their study, the Ponemon Institute and DTEX found that the costs of containing and remediating cyber incidents arising from insider risk are growing, as is the time needed to recover from them. It also found that while security and c-suite leaders recognise that they need to do more about this (and many plan to) at present, organisations are not directing nearly enough of their security budgets to address the issue, preferring instead to spend lavishly on high-profile threats even though most breaches begin through insiders.