Employee security hygiene is on a (steep) decline

Employees do less to protect their company's crucial data now than they did two years ago.

Employee security hygiene is on a (steep) decline, and that's a discouraging statistic, given that ransomware and other forms of cyber-attacks against businesses are on the rise. The figures were published by Varonis Systems and the Ponemon Institute in a new report entitled “The Widening Gap Between End Users and IT”.

It says that just above a third (39 per cent) of employees believe they take all the appropriate measures to protect company data, down from 56 per cent two years ago. More than 3,000 people in the UK, US, France and Germany were polled. More than half of IT respondents believe data security policies are being enforced and followed, yet 35 per cent said their companies are enforcing them. 

“At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyberattacks and security breaches, this survey instead found an alarming decline in both practices and attitudes,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute.

“If an organisation’s leadership does not make data protection a priority, it will continue to be an uphill battle to ensure end users’ compliance with information security policies and procedures. Major differences between the IT function and end users about appropriate data access and usage practices make it harder to reduce security risks related to mobile devices, the cloud and document collaboration.” 

While 61 per cent of IT security pros said defending critical data has the highest priority, just 38 per cent of end users think the same way. More than a third (38 per cent) of IT security pros, and almost half (48 per cent) of end users, said their company is willing to accept more risk to keep productivity high.

End users usually blame data breaches on insider mistakes, rather than IT experts.