Comment : Human error is the No 1 IT security issue for UK IT directors

No matter how many policies and training schemes you put into operation, basic human error still poses the most likely threat to your company's IT security according to IT directors. This was the worrying conclusion of research commissioned by network security vendor Clavister and conducted by leading international researchers YouGov.

86% of all IT directors polled believed that the most likely cause of an IT security issue came from their own employees. The reasons for this were down to staff ignoring, not being made aware of or not being sufficiently trained on security policies, as well as making mistakes or committing industrial espionage.

And the story appears to be similar regardless of where the company is based and how big it is. Despite security policies and training being implemented, security problems continue to happen due to the human temperament.

The findings show that 31 per cent of IT directors surveyed believe the most likely cause of IT security issues is staff consciously ignoring security policies; 37 per cent put it down to human error, 13% was due to insufficient training and awareness of policies, and a further five per cent to industrial espionage.

Following the survey, Clavister has called into question current IT security products and policies and asks what companies can do to address flaws that are integral to us all as human beings. "The purpose of a security policy is rather simple - to keep malicious users out of a network while monitoring potential risky users within an organization. To ensure compliance, however, is no simple task. Security policy documents tend to be very long and technical, and not written in a way which has meaning or importance for the average employee" says Andreas Åsander, VP Product Management, Clavister.