SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Employees worry about security but don't do anything about it, survey finds
Wed, 23rd Mar 2016
FYI, this story is more than a year old

There is a significant disconnect between an employees' growing concern over the security of their personal information and their attitudes toward data security practices in the workplace, according to SailPoint's annual Market Pulse Survey.

The global survey, which was commissioned by SailPoint and conducted by independent research firm Vanson Bourne, looks at how employees view their individual role in IT security processes, and what (if any) improvements are being made by organisations to adapt to the new business realities.

The survey found that 85% of employees would react negatively if their personal information was breached by a company. Yet these same employees are exposing their employers to the same data breaches through negligence and poor password hygiene, the survey found.

Additionally, it highlights an ongoing challenge for IT and security professionals: 26% of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company.

Key findings from SailPoint's 2016 Market Pulse Survey include:

Poor password hygiene continues to plague enterprises. The majority of respondents (65%) admitted to using a single password among applications, and one-third share passwords with their co-workers.

Employees don't assume responsibility for protecting the integrity of corporate security processes. One in five employees would sell their passwords to an outsider. Of those who would sell their passwords, 44% would do so for less than $1,000. This is up from one in seven who would sell a password a year ago, according to the report.

Organisations are struggling to keep up. One in three employees admitted to purchasing a SaaS application without IT's knowledge (a 55% increase from last year's report). Alarmingly, more than 40% of respondents reported having access to a variety of corporate accounts after leaving their last job.

Kevin Cunningham, SailPoint president and founder, says, “This year's Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers.

“Today's identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it's imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.