Employees: The biggest cyber security threat to businesses today?

Employees: The biggest cyber security threat to businesses today?

WinMagic marked its appearance at Cloud Security Expo with the release of a new study analysing the disconnect between end-user employees and IT managers.

Two simultaneous studies polled 1,000 employees and 250 IT managers respectively from businesses across UK to discover the importance of IT and data security in the workplace. Rifts in perception versus reality between these two groups revealed habits and knowledge-gaps that compromise UK PLC’s cyber security.

High-profile breaches have prompted action:

In the wake of high profile data breaches such as TalkTalk, employees and senior management are more aware of the importance of data security; and are taking action. Correspondingly, 44% employees feel their organisation has placed greater emphasis on data security, and 60% IT Managers admit to having taken action as a direct result of high-profile breaches.

  • The majority of employees (31%) describe themselves as the biggest IT security threat to their businesses, followed by hackers (30%).
  • IT managers believe hackers represent the greatest threat (37%) followed by employees (24%) and a lack of rigid security policies (22%).
  • Employees (92%) and IT managers (92%) agree that IT and data security is important to their business.
  • A worrying 12% of employees suggest that they never received any training or communication on data and IT security despite 80% of IT managers claiming to communicate or train on the subject once a year or more.

The call for democratised responsibility

As employees become more aware of the impact of data breaches, and the need for IT security, they are developing a greater sense of responsibility for protecting company data. Despite a slim majority (41%) believing that the IT team remains mostly responsible for data security; over a third of employees (37%) believe that everyone is responsible for it. IT managers themselves, however, are least likely to apportion responsibility for security to those outside of the IT team with only 10% suggesting that IT Security is everyone’s responsibility.

Darin Welfare, Vice President and General Manager EMEA, WinMagic commented: “There is a clear disconnect between employees, who feel that they must share responsibility for security, and those currently seen as ‘in charge’ of this area. As employees bear witness to ever more high-profile contemporary data breaches, they are increasingly aware of their responsibility to share in data security. Businesses and IT managers who recognise and respond to this heightened level of awareness are going to ultimately see more success in implementing policies and systems to best effect.”

Feeling responsible doesn’t mean acting it

Whilst 80% of employees believe methods they use to store company data are somewhat or wholly secure, IT managers remain unconvinced. They are most concerned with security, and the habits of employees, when it comes to storing company data on personal hardware or in cloud environments.

  • Twenty-five percent of employees are actively storing work data on private cloud services, whilst 15% are using personal hardware
  • The majority of IT Managers (63%) state that they are concerned about employees storing company data on private cloud; on personal hardware this rises to 68%.
  • Portable storage devices continue to be a preferred storage option for company data for 20% of employees; alongside company hardware (52%)

 

Browse our latest issue

Intelligent CISO

View Magazine Archive