Know the Risk: Digital Transformation's Impact on Your Business-Critical Applications REGISTER >
A recent survey of more than 900 IT security professionals found that 92 percent of respondents said employees attempt to access information they don't need for their day-to-day work, and 23 percent said this happens frequently.
The survey, conducted by Dimensional Research and sponsored by One Identity, also found that 66 percent of IT professionals admitted they themselves have sought out or accessed company information they don't need.
That proportion is even higher for executives -- 71 percent of IT security executives admitted having sought out extraneous information, compared to 56 percent of non-manager-level IT security employees.
It's also higher at tech companies. Forty-four percent of respondents working at technology companies admitted having searched for sensitive company performance information, compared to 36 percent in financial services, 31 percent in manufacturing, and 21 percent in healthcare.
"Without proper governance of access permissions and rights, organizations give employees free reign to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO's personal files," One Identity president and general manager John Milburn said in a statement.
"If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business' reputation or financial standing," Milburn added.
Still, a recent survey of more than 1,800 IT decision makers, conducted by Loudhouse and sponsored by Fortinet, found that 48 percent of respondents believe IT security isn't a top priority for the board, and 77 percent said the board should put IT security under greater scrutiny.
Forty-nine percent of respondents said major cyber attacks like WannaCry are bringing cyber security to the board's attention, and 34 percent said an increase in regulations such as GDPR is doing the same.
The transition to the cloud also appears to be motivating security discussions -- 77 percent of respondents said cloud security is becoming a key priority for the board, and 50 percent are planning investments in cloud security over the coming year.
"In today's digital economy, I expect the trend we've seen at the board level to accelerate with security being treated as a top priority within an organization's broader risk management strategy," Fortinet senior vice president Patrice Perche said in a statement.
Security as Hurdle
At the same time, a recent survey of 500 CISOs at large enterprises, conducted by Vanson Bourne and sponsored by Bromium, found that 74 percent of respondents said users have expressed frustration that security is preventing them from doing their job, and 81 percent said users see security as a hurdle to innovation.
Eighty-eight percent of respondents prohibit users from using specific websites and applications due to security concerns, and 94 percent have invested in Web proxy services to restrict what users can and can't access.
Respondents said they get complaints at least twice a week that work has been held up by overly zealous security tools -- and help desks spend an average of 572 hours a year responding to user requests and complaints regarding access to websites.
As a result, 77 percent of CISOs said they feel caught between letting people work freely and keeping the company safe, and 71 percent said they're being made to feel like the bad guys for restricting access to content.
"At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyber attacks," Bromium president and co-founder Ian Pratt said in a statement. "Security has to enable innovation by design, not act as a barrier to progress."