According to the results of a recent Balabit survey of 381 European IT executives, CIOs, CISOs, auditors and other IT professionals, 69 percent of respondents said they would bypass security controls and risk a potential security threat in order to achieve the biggest deal of their life.
Among those who said they would take the risk, 38 percent said they would do so because they felt they could trust their IT and security team to protect the company anyway, and 31 percent said they would do so without thinking about the consequences if the deal was very promising.
At the same time, 41 percent of respondents said that in principle, security should be more important than business flexibility, and 30 percent said the two should be equally important.
"These results show that organizations have a long way to go to balance security and business," Balabit CEO Zoltan Gyorko said in a statement. "They demonstrate that while security overload may be tolerated during normal business, when it comes to big deals the respondents would not hesitate to bypass security to win business. It is important that this is recognized as an issue and dealt with accordingly."
When asked if their companies use any heuristic techniques for security such as baselining or machine learning, 55 percent of respondents said they don't use such tools, 26 percent use them but the results are always reviewed by a human before taking action, and just 19 percent use such tools and allow them to trigger actions automatically.
"The survey shows that security strategies must take into account user behavior," Gyorko added. "Today's static control solutions can only go so far. Security teams must have visibility of the context of user actions to be able to respond effectively, and any additional tools must be transparent to the business workflow."
According to a recent Skyhigh Networks report, 89.6 percent of organizations now experience at least one insider threat (behavior that either intentionally or unintentionally exposes an organization to risk) every month. A recent Clearswift survey of 500 IT decision makers and 4,000 employees found that 40 percent of companies expect to experience a data breach resulting from employee behavior in the next 12 months.
And earlier this year, a SANS Institute survey found that 32 percent of IT security professionals said their company has no ability to detect an insider breach.