Despite investment in cyber security, employees are still putting organisations at risk, according to new research from Databarracks
A new study reveals that nearly two thirds (61 per cent) of IT decision makers believe their employees regularly circumvent company security policies. Despite the fact that over half of those surveyed have invested in safeguards to protect their businesses against cyber threats in the past 12 months, careless employee behaviour could be leaving many organisations exposed to risks.
The findings are part of Databarracks' sixth Data Health Check report, which surveyed over 350 IT decision makers in the UK.
When asked how often they thought their employees flout security polices (such as taking company data offsite, fabricating or omitting information on sign-in sheets and keeping written records of passwords) 61 per cent estimated their workforce side-step such practices at least once a month, with around a third (28 per cent) saying it's daily or more.
These results can be considered in contrast to other findings from the report; over half (59 per cent) have invested in safeguards in the past 12 months to protect against cyber threats like malware, viruses and phishing attacks. However, if employees are commonly circumventing the security practices put in place by company IT departments, these protocols may not be as effective as hoped.
Oscar Arean, technical operations manager at Databarracks, commented on the results:
"We expanded the remit of the Data Health Check this year to look at how IT departments approach cyber security, and how their users experience (and respond to) their approaches. The results have been pretty damning, with IT managers seriously lacking confidence in their employees' commitment to their security plans. If they're correct, then their businesses will be left exposed to cyber threats, as well as other more traditional threats such as social engineering. It may be no coincidence that two thirds (66 per cent) of those we questioned had been affected by a cyber-threat in the past 12 months. No amount of investment in cyber security policies can make up for poor employee habits; IT managers need to address this issue if they are to secure their organisations from malicious...