How Cultural Differences Impact IT Security
New and entry-level employees pose the greatest security risks, according to a majority of U.S. and German IT professionals. Frequent travelers came in second.
70% of American IT security practitioners and 64% of their German counterparts say employees’ unintentional mistakes cause more security incidents than intentional and malicious acts.
49% of U.S. respondents and 44% of German respondents say they cannot tell the difference between security incidents caused by careless employees and those caused deliberately and maliciously.
American IT practitioners who can differentiate between maliciousness and negligence say they represent 70% of all insider security incidents, compared to 63% of German respondents.
Respondents spend an average of three hours daily dealing with security risks caused by employee mistakes or negligence. They also waste two hours due to insider carelessness.
72% of U.S. respondents and 66% of German respondents say ordinary users pose the greatest security risk because of their negligence. Contractors and third parties followed at 50% and 64% of U.S. and German respondents, respectively.
New and entry-level employees pose the greatest risk, according to 81% of U.S. respondents and 80% of German respondents. Frequent travelers came in second: 71% of U.S. respondents, 68% of German respondents.
Employees who work too many hours pose a risk, according to 69% of U.S. and 56% of German respondents. On average U.S. employees work 48 hours per week, compared to German employees, who work 35 hours.
According to 79% of U.S. respondents and 81% of German respondents, multitaskers are more likely to be careless or negligent.
Asked to estimate how much IT security spending they could save if employee negligence and carelessness were reduced by 50%, U.S. respondents’ highest estimate was 37%. Their German counterparts’ estimate was 36%.
U.S. IT practitioners point to employees improperly trained to follow data security policies and senior executives who don’t consider data security a priority. In contrast, they admit that their organizations lack safeguards to protect against careless employees.