Employees are the biggest cybersecurity threat to businesses today
Two simultaneous studies polled 1000 employees and 250 IT managers respectively from businesses across UK to discover the importance of IT and data security in the workplace. Rifts in perception versus reality between these two groups revealed habits and knowledge-gaps that compromise UK plc’s cybersecurity.
High-profile breaches have prompted action:
In the wake of high profile data breaches such as TalkTalk, employees and senior management are more aware of the importance of data security; and are taking action. Correspondingly, 44 percent of employees feel their organisation has placed greater emphasis on data security, and 60 percent of IT Managers admit to having taken action as a direct result of high-profile breaches.
- The majority of employees (31%) describe themselves as the biggest IT security threat to their businesses, followed by hackers (30%)
- Conversely, IT managers believe hackers represent the greatest threat (37%) followed by employees (24%) and a lack of rigid security policies (22%)
- Overwhelmingly employees (92%) and IT managers (92%) agree that IT and data security is important to their business
- A worrying 12 percent of employees suggest that they never received any training or communication on data and IT security despite 80 percent of IT managers claiming to communicate or train on the subject once a year or more
The call for democratised responsibility:
As employees become more aware of the impact of data breaches, and the need for IT security, they are developing a greater sense of responsibility for protecting company data. Despite a slim majority (41%) believing that the IT team remains mostly responsible for data security; over a third of employees (37%) believe that everyone is responsible for it. IT managers themselves, however, are least likely to apportion responsibility for security to those outside of the IT team with only 10 percent suggesting that IT Security is everyone’s responsibility.
Darin Welfare, Vice President and General Manager EMEA, WinMagic commented: “There is a clear disconnect between employees, who feel that they must share responsibility for security, and those currently seen as ‘in charge’ of this area. As employees bear witness to ever more high-profile contemporary data breaches, they are increasingly aware of their responsibility to share in data security. Businesses and IT managers who recognise and respond to this heightened level of awareness are going to ultimately see more success in implementing policies and systems to best effect.”
Feeling responsible doesn’t mean acting it:
Whilst 80 percent of employees believe methods they use to store company data are somewhat or wholly secure, IT managers remain unconvinced. They are most concerned with security, and the habits of employees, when it comes to storing company data on personal hardware or in cloud environments.