
For years, the idea of ‘digital employee experience’ (DEX) has been filed under HR priorities – an issue of productivity and satisfaction (and by extension, retention). But a new wave of research is pushing organisations to change this, because DEX is also a live security concern.
When workplace tech frustrates or slows people down, they find ways around it. And those workarounds expand the attack surface faster than security teams can contain it.
Ivanti’s 2025 Digital Employee Experience report found that technology interruptions cost an average organisation of 2,000 employees around USD $4 million each year in lost productivity. That’s a financial issue, of course; but it also points to security vulnerabilities.
The same study reported that:
Those numbers matter because they map directly to shadow IT, unmanaged endpoints, and blind spots in monitoring. Employees aren’t (usually) malicious; they’re trying to be productive. But friction in official tools and support channels pushes them into insecure territory.
We could focus on tech stacks here – on fixing the problems that cause those tech interruptions. But if we go deeper, this is about culture. When we interviewed Michael Montoya (CISO at Equinix), he put the value of employee experience like this:
“To ensure a seamless security experience, the key is integrating technology and training for non-security employees that effortlessly align with their daily workflow, without friction.”
“Security becomes seamlessly designed into the business processes or workflow in the same way you don’t think about the airbags in your car – they have an unobtrusive yet crucial role in ensuring your safety.”
Montoya’s emphasis on culture and alignment echoes the Ivanti report’s warning: security teams can’t treat DEX as someone else’s problem. Poor workflows and fragmented tools create precisely the behaviours (like bypassing controls) that increase risk.
The DEX challenge is not confined to one geography. A 2025 workplace trend report from DLL suggests that hybrid work has made digital friction more visible. Tech must enable people to collaborate seamlessly across locations – otherwise frustration builds and productivity falls.
Meanwhile, another 2025 report from Ivanti – this one about technology at work – shows that return-to-office mandates often clash with employee expectations for flexibility; and that perceived inflexibility harms trust in leadership, as well as having a negative impact on motivation.
The common thread is that when people feel forced into workflows that don’t support them, engagement drops. And disengaged workers are more likely to cut corners.
One of the most noteworthy Ivanti findings is that 74% of IT professionals report tool overlaps, but 63% say consolidation isn’t a priority. On top of that, only 32% use unified endpoint management.
That level of fragmentation creates visibility gaps. If your team doesn’t know what devices are connected, what apps are being used, or where performance bottlenecks occur, it’s just not possible to reliably monitor for compromised tech.
The good news is that solutions do exist. The report also highlights where organisations can take immediate, tangible steps. For example, around 40% of organisations haven’t automated password resets, even though repetitive requests still dominate help desks.
Automating low-value IT tasks reduces cost and frees up staff – and it also reduces the chance that frustrated employees will try risky workarounds when they can’t get fast support.
People will always find a way to do their jobs. If official tools and processes make that harder, they’ll find alternatives. From a security perspective, every moment of digital friction is therefore a point of risk.
Organisations need to focus their response on bringing culture, process, and design together to make it easier for people to do their jobs – without having to bypass security controls or tech processes. As Montoya said in that interview,
“CULTURE, CULTURE, CULTURE. The statement that culture eats strategy for breakfast remains tested and true.
“...it's about transforming mindsets and encouraging everyone to contribute to enterprise safety.”
That means:
Digital employee experience has become part of the security perimeter. Neglect it, and you create fertile ground for shadow IT, unsafe practices, and disengaged teams. Prioritise it, and you strengthen your organisation’s resilience.