Regardless of whether it comes from an employee in the next cubicle or a top executive in the corner office, the vast majority of IT professionals believe their co-workers disregard security rules on purpose, new research shows.
The study by the Lieberman Software Corporation revealed that more than 80 percent of IT security professionals believe that corporate employees deliberately ignore security rules issued by the IT department.
In addition, more than half of those surveyed think that their staff wouldn't be any more inclined to follow the security directives if they came from executive management rather than the IT department.
"These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data — and potentially customer information — at risk," said Philip Lieberman, CEO of Lieberman Software.
The state of security has gotten so bad for companies that most IT executives are preparing for the worst. Nearly three-quarters of those surveyed would not bet $100 of their own money that their company wouldn't suffer a data breach in the next six months.
Overall, 76 percent of IT personnel think that employees in their organization have access to sensitive information that they don't necessarily need to perform their jobs, while nearly 40 percent have witnessed a colleague look at company data to which they should not have had access.
"These behaviors are continuing even after it has been proven that human error is the leading cause of data breaches," Lieberman said. "Organizations need to implement better cybersecurity training that properly instructs staff about the consequences of data breaches."
The study, conducted during the RSA Conference 2013 in San Francisco, was based on surveys of 250 IT security professionals from all major vertical market segments.