Why IT Executives Disregard Security Policies
-
Why IT Executives Disregard Security Policies
Even though the majority of IT leaders believe their job could be at stake over a security breach, many continue to exhibit lax security practices. -
IT Security Remains Top Spending Priority
87% of respondents expect increased investment in security this year. -
Insiders Still Greatest Threat
46% of IT managers believe that employees or insiders represent the greatest security risk to organizations. -
Security Protocols Not Followed
On average, 33% of all security protocols are not followed by staff. -
High Number of Security Breaches
38% of respondents experienced data breaches during the last year. One factor for this number could be that one-third of all staff ignore security protocols. -
Brunt of Security Responsibility
78% of respondents believe IT managers are primarily responsible for their organization's security. -
The Penalty for Security Breaches
65% of IT decision-makers believe they are likely to lose their job in the event of a security breach. -
Age Matters
38% of those ages 18-44, compared to 25% of those over age 45 report security protocols not being followed. 41% of those 18-44 have hacked their own or another organization, compared to 12% of IT decision-makers over 45. -
Cavalier Attitude Toward Security
89% of those 18-44 say they are sufficiently staffed to provide effective security. 75% of IT decision-makers over 45 believe this. 92% of those 18-44 are confident their organization can contain a breach compared to 79% of those over age 45.
A new study finds that a surprisingly high percentage of IT executives—45 percent—knowingly circumvent organizational security policies, and many have even successfully hacked their own or another organization. IT decision-makers between the ages of 18 and 44 demonstrate a "much more cavalier" attitude toward IT security than those over age 45. "It was alarming to see such a high incidence of non-compliant behavior by IT personnel," said Stephen Midgley, vice president of Global Marketing for Absolute Software, a security firm. "Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies." The survey was conducted online from Oct. 28 to Nov. 11 among 501 U.S. adults 18 years or older who hold IT director/executive, IT manager, IT administrator, IT security, or other IT information security management roles. They were employed at companies with 50 or more workers.