A few years ago, the world — and particularly the CISO (chief information security officer) community — was shaken by a survey revealing that the average American spends almost 200 hours a year browsing adult sites, and notably, doing so on a work computer.
Research by NordVPN identified adult content sites as the biggest source of malware, making this delicate situation a serious cybersecurity challenge for many companies.
What can be done to mitigate the risks? IT specialists can block access to adult sites, although these are far from the only type of website spreading malware. Identifying the most enthusiastic users and warning them, or perhaps providing special support, could be an option. Nevertheless it could easily be perceived as a violation of employee privacy. Each and every department of the organization and every single employee could help protect the company. How could this situation be approached from the HR side? One option, yes, would be benefits.
Having spent my entire career in the insurtech industry, I may not be the foremost expert on the full scope of employee benefits, yet, in general, all benefits can be divided into two main groups.
The first group includes benefits where the direct beneficiary is the employee. For the employer, these serve primarily as elements of employer branding and as recruiting advantages. Retirement insurance is a good example — while it provides long-term social security for employees, employers do not directly benefit from employee’s higher pensions decades later.
The second group consists of benefits that bring value to both the employer and the employee. Health insurance is the most prominent example, allowing employees to detect and treat illness early, often with access to private clinics and shorter wait times. This saves time and ensures quicker recovery, enabling employees to focus on their work duties rather than spending days at medical centers or sick in bed. It’s a win-win situation for both sides.
Given how deeply digital our lives have become, tools that protect digital health should also be considered benefits that serve both employees and companies. There is a strong chance that, without even realizing it, you have been closer recently to becoming a victim of a cybersecurity incident than of catching the flu. Therefore, from a company’s perspective, employees’ cyber protection is as important as health insurance — if not more. A sick employee can stay at home and cause a loss in productivity for a limited period of time, but an infected computer or stolen user credentials can disrupt operations of an entire company.
While this piece began with a provocative statistic about employees viewing adult content on work computers, the reality of employee digital habits is no laughing matter. Studies show that between 70 and 97% of people use the same device — whether a computer, tablet, or phone — for both work and personal activities. Around 70% use work devices to check personal emails, 69% to browse the web and read news, 65% for online shopping, and 64% for social media.
From a cybersecurity perspective, these habits are risky and significantly increase exposure to malware, phishing links, and other threats. If an employee falls for a voice-cloning scam and loses personal funds, it’s unfortunate and distracting, but it doesn’t directly harm the company. However, if that same employee downloads malware from a fake shopping site that starts leaking the company’s data, it becomes a serious corporate issue.
Employees are the first line of defense, yet they are also often the first to make unintentional mistakes that can endanger the company. Organizations should therefore provide not only robust cybersecurity tools but also insurance benefits to protect both employees and the company in case of a cyber incident.
As cyber threats evolve from purely technical attacks like malware to increasingly sophisticated social engineering tactics, traditional cybersecurity tools are becoming less effective. Even experts sometimes fall victim to well-crafted deception.
We are living in what could be called the Wild West of cybersecurity and identity protection — where becoming a victim is easier than avoiding becoming one. It could also be compared to a pandemic: it’s much easier for an infection to spread than to avoid exposure, and even the best precautions can’t guarantee peace of mind.
This especially applies when a work computer is used at home because the poor cybersecurity habits of different family members can combine to create a variety of security and privacy threats. Just as with health — where one person’s illness increases the risk for everyone in the household — family members depend on each other’s digital hygiene to stay safe online. In the same way that many organizations extend health insurance coverage to employees’ families, it should also become standard practice to consider the cybersecurity protection of all household members. After all, digital security is now a shared responsibility, and one weak link can expose everyone connected to the same network.
Insurance offers a practical solution. Cyber insurance, while not yet a standard employee benefit, is quickly gaining importance. With growing risks of cyberattacks and identity theft, it is likely to take its place alongside health insurance and retirement programs — especially as it provides tangible protection not just for employees, but for employers as well.
Join our LinkedIn group Information Security Community!
