Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Enterprise ServicesAccess ManagementCybersecurity News

Employees’ Security Hygiene Getting Worse as Ransomware Exposes Insider Negligence

cyber 2 responsive default
August 30, 2016

At a time when ransomware and other attack techniques that exploit insider negligence become rampant, only 39 percent of end users believe they take all appropriate steps to protect company data accessed and used in the course of their jobs. This is a sharp decline from 56 percent in 2014, according to a new survey of more than 3,000 employees and IT practitioners across the U.S. and Europe. The report was conducted by the Ponemon Institute and sponsored by Varonis Systems, Inc. 

Moreover, while 52 percent of IT respondents believe that policies against the misuse or unauthorized access to company data are being enforced and followed, only 35 percent of end user respondents say their organizations strictly enforce those policies.

The new release, "The Widening Gap Between End Users and IT," compares end-user practices and beliefs with those of their colleagues in IT security and IT generalist roles. This new analysis draws from the same data released by Varonis and the Ponemon InstituteAugust 9, 2016, in a report entitled "Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations," which found a sharp rise in the loss or theft of data, an increase in the percentage of employees with access to sensitive data, and the belief among participants that insider negligence is now the #1 concern for organizations trying to prevent these losses.

The survey results are derived from interviews conducted in April and May 2016, with 3,027 employees in the United States, United Kingdom, France, and Germany. Respondents included 1,371 end users and 1,656 IT and IT security professionals, in organizations ranging in size from dozens to tens of thousands of employees from a variety of industries including financial services, public sector, health care and life sciences, retail, industrial, and technology and software.

Among the key findings:

  • Sixty-one percent of respondents who work in IT or security roles view the protection of critical company information as a very high or high priority. In contrast, only 38 percent of respondents who are considered end users of this data believe it is a very high or high priority.
  • Asked about their organization's attitude on productivity vs. security, 38 percent of IT practitioners and 48 percent of end users say their organizations would accept more risk to the security of their corporate data in order to maintain productivity.
  • Asked to agree or disagree that the protection of company data is a top priority for their CEO and other C-level executives, only 35 percent of end users agreed while 53 percent of IT professionals believe it is a top priority for senior executives.
  • Asked for the most likely causes of the compromise of insider accounts, 50 percent of IT practitioners and 58 percent of end users say negligent insiders. "Insiders who are negligent" was by far the most frequent response for both IT and end users, more than twice as common as "external attackers" and more than three times as common as "malicious employees."
  • End users are far more likely to attribute data breaches to insider mistakes than IT or security professionals. Seventy-three percent of end users say data breaches are very frequently or frequently due to insider mistakes, negligence or malice, while only 46 percent of IT respondents draw the same conclusions.

Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute, a leading research center dedicated to privacy, data protection and information security policy, observed, "At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyberattacks and security breaches, this survey instead found an alarming decline in both practices and attitudes. If an organization's leadership does not make data protection a priority, it will continue to be an uphill battle to ensure end users' compliance with information security policies and procedures. Major differences between the IT function and end users about appropriate data access and usage practices make it harder to reduce security risks related to mobile devices, the cloud and document collaboration."

http://www.nasdaq.com/press-release/study-finds-employees-security-hygiene-getting-worse-just-as-ransomware-exposes-insider-negligence-20160830-00431#ixzz4Is0jO8vx
 

KEYWORDS: cyber security data ransomware Security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber 3 responsive default

    Study Exposes Employee Negligence as Top Information Security Risk to U.S. Businesses

    See More
  • holiday

    A remote holiday season: Top tips to boost security as cyber hygiene diminishes

    See More
  • Security culture - building a culture that works

    Getting employees invested: Overcoming complacency to emphasize security

    See More

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing