Gap widens between IT pros and end users while security worsens

Over half (52 percent) of IT practitioners believe that policies against the misuse or unauthorised access to company data are being enforced and followed, yet only 35 percent of end users say their organisations enforce those policies.

A new study from the Ponemon Institute analysed responses from 1,371 end users and 1,656 IT and IT security professionals from various industries in the UK, US, France and Germany.

It was discovered that 61 percent of respondents working in IT or security roles view the protection of critical company information as a very high or high priority and 38 percent of end users of this data believe it is a very high or high priority.

To maintain productivity, 38 percent of IT practitioners and 48 percent of end users say their organisations would accept more risk to the security of their corporate data.

Over half (53 percent) of IT pros feel the protection of company data is a top priority for senior executives. Meanwhile, only 35 percent of end users agree.

Half (50 percent) of IT practitioners and 58 percent of end users say negligent insiders are the most likely causes of the compromise of insider accounts. Only 22 percent of IT practitioners and 23 percent of end users say external hackers are a likely cause.

Just over three quarters (76 percent) of IT practitioners and 59 percent of end users say their organisation has had a data breach in the past two years.

Only 39 percent of end users feel they take all appropriate steps to protect company data that is accessed and used in the course of their jobs. On the other hand, 52 percent of IT practitioners say that employees in their organisations take the appropriate steps to protect company data accessed by them.

“At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyber-attacks and security breaches, this survey instead found an alarming decline in both practices and attitudes,” said Dr Larry Ponemon, chairman and founder of Ponemon Institute. “If an organisation's leadership does not make data protection a priority, it will continue to be an uphill battle to ensure end users' compliance with information security policies and procedures. Major differences between the IT function and end users about appropriate data access and usage practices make it harder to reduce security risks related to mobile devices, the cloud and document collaboration.”

Sign up to our newsletters