Survey Says Employees Understand, Yet Ignore Security Policies

November 11, 2010

Despite the fact that most office workers around the world claim to understand their company's security policies, they attribute almost all IT security breaches to ignorance or well-meaning attempts to circumvent overly restrictive security policies, says a survey on the subject. The latter is especially troubling, but perhaps even worse is the prevalence of what the report calls "IT free-styling," the casual disregard for the boundary between personal and private use of hardware and Internet resources, and the disregard for security policy, even if it is understood.

The Clearswift Security Awareness Survey polled 2,000 office workers in U.S., Australia, Germany, Netherlands and the UK. About 71 percent of employees reported that their company had a clear Internet policy understood by most employees. Only 3 percent of employees reported that their company had no policy; 17 percent said their company a policy that wasn't enforced and 9 percent said that their company had a policy that most employees didn't understand. Employees were also confident they understood what sort of data could be sent via e-mail (79 percent) and what was allowed on work-related social media (65 percent). The percentage of confident employees was a bit lower regarding what sort of security was in place for work related e-mail, but still high at 52 percent.

Despite the fact that most employees said they understood their company's Internet policy, however, there was still confusion and resentment surrounding it. Twenty-one percent of users listed their company's Internet monitoring as the most confusing aspect of using the Internet at work. Twenty-two percent didn't know if their Internet usage was monitored, and, of the 57 percent who did know that their usage was being monitored, 38 percent felt that their company accessed more personal Internet usage information than was necessary to maintain security.

Workers also attributed 20 percent of breaches to people trying to get their jobs done more efficiently, and 11 percent to people who were simply frustrated with unrealistic security policies. And 50 percent of users say that there are informal rules about what's really acceptable at work, despite what the official company policy says.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Survey Says Employees Understand, Yet Ignore Security Policies

Related Articles

Report Abusive Comment