Critical company data is at risk in the UK as a result of organisations focusing too many IT security policies and resources on preventing cybercrime, research from Cisco has revealed.
The results, which draw on responses from over 1,000 employees in the UK, uncover two significant issues. Firstly, employee behaviour is becoming an increasing source of risk – more through complacency and a lack of awareness than negative intent.
And secondly, an increasing number of employees feel security policies are inhibiting innovation and collaboration, and that the costs of lost business opportunity outweigh the cost of a security breach – to the point where some employees take steps to circumvent the policy.
Only 58% of respondents in the survey were aware of major security threats and the risks they present to personal and company data. More than a third (39%) expected their company to take care of data security in the workplace, while just over half (54%) believed it is their responsibility to keep personal and company data safe.
Meanwhile, a hefty 62% seemed so insulated from the true extent of threats that they think their behaviour only has low to moderate impact on security.
This attitude may be a result of a lack of visibility given to policies or even the threats that drive them. While 61% of employees thought their company had a security policy, 15% did not know if there was one or not.
>See also: Enterprise security is a matter of policy
Almost half (48%) said they weren’t concerned about the policy as it didn’t affect what they do, and, 37% said they only notice one exists when they are stopped from doing something by the security settings.
As a result, 37% admitted to low or moderate levels of adherence and twice as many people admitted to being more rigorous about data security at home (24%) than at work (12%).
Employee behaviour (50%) was second only to cybercrime (70%) when employees were asked to identify the top two greatest sources of risk to data security. All of those surveyed use their company’s network for personal transactions – the most popular was personal banking (79%), followed closely by online shopping (75%) and travel (59%).
Employees across the UK are increasingly looking at IT security as a barrier rather than an enabler for business. The survey revealed that one in eight (12%) thought the focus on IT security is stifling innovation and collaboration and 13% say it’s making it harder to do their job.
Almost one in four (22%) said that the cost of lost business opportunity outweighs the cost of a potential security breach.
“This study confirms the complex challenges facing businesses when it comes to IT security,” said Terry Greer-King, director of cyber security at Cisco UK and Ireland. “The results show that most employees recognise the threat from cybercriminals is real and worthy of continuous defence, but it also reveals that employee complacency about IT security is increasing the risks for UK businesses.
“An employee who blindly trusts is one amongst several weak links in the security chain.”