Security Problem? Blame the Human Element
Cisco study finds that security policies are often not respected by end users.
Most organizations around the world have some kind of IT security policy in place. But they're still at risk since the policy isn't always adhered to, and in some cases, it's not communicated properly to users.
Those are some of the key findings of new statistical data from a Cisco-sponsored study on the global security perceptions of 2,000 professionals.
While Cisco (NASDAQ: CSCO) makes much of its money from selling technology solutions, the study confirms that more emphasis is needed on the humans that use technology. And in a time where the industry is struggling to cope with ever-growing numbers of breaches and data leaks, businesses may ignore that conclusion at their peril.
The Cisco study found that on a global basis, 77 percent of respondents have security policies in place -- though only 41 percent stated they adhered to those policies all the time.
According to its findings, most respondents viewed their company's security policies as being unfair. The top reason for non-compliance, at 42 percent, was the claim that the corporate security policy doesn't align with how they need to do their jobs.
The problem, though, is that by not remaining in compliance with their corporate security policies, users leave their organizations open to risk. Sixty-five percent of respondents in the Cisco survey said they believed that viruses were a result of non-compliance with policy, while 45 percent agreed that non-compliance led to unauthorized access to information.
"Why is IT writing policy in isolation?" Stewart said. "Why isn't it that the business is writing the rules and IT is helping them? If we do it that way, I suspect language will change and it will be look more relevant and IT will stop being the blame monger for the problem."