Some managers knowingly expose their businesses to threats

An alarming number of senior employees consciously expose their organizations to cybersecurity threats, a new survey by next-gen security company Palo Alto Networks says.

This is largely due to frustration with workplace policies and a poor understanding of cybersecurity threats.

The research findings show the actions of decision-makers undermine the $35.53 billion (£23.49bn) European organizations are predicted to spend on cybersecurity by 2019. The survey found that 27 per cent of respondents admit to exposing their company to a potential cybersecurity threat with 14 per cent saying they knew they were doing so at the time.

While some actions could be tracked back to one in four claiming not to understand fully what defines an online cybersecurity risk, almost every respondent (96 per cent) acknowledged cybersecurity should be a priority for their business.

The prevailing reason employees circumvent their companies’ policies is to use a more efficient tool or service than that used by the organisation, or that such tools were considered the best in the market. These actions reflect 17 per cent saying their company’s cybersecurity policy is frustrating and prevents access to tools and sites that would enable better job performance. Employee education is essential in ensuring that the rationale behind the policy is clear.

Survey results indicate that neither department nor seniority precludes employees from carrying out questionable actions or having misinformed views. One in ten respondents caught executives ignoring company guidelines; and when asked directly, one in four C-level respondents admitted to knowingly exposing their company to a potential threat.

The research found one in five (18 per cent) management-level employees don’t feel they have a personal role to play in their company’s cybersecurity efforts; and that, if a successful attack were carried out, only one in five (21 per cent) believe the employee responsible for the breach would be held accountable – the majority (40 per cent) believe IT would be held to blame.