At a time when ransomware and other attack methods that exploit insider negligence are becoming rampant, only 39% of end users think they take all appropriate actions to protect corporate data accessed and used in the course of their jobs, according to a new survey by the Ponemon Institute.
The survey of 1,371 end users and 1,656 IT and IT security professionals across the U.S. and Europe was conducted in April and May 2016 by Ponemon Institute, with sponsorship from security software provider Varonis Systems. It showed that 52% of IT respondents think policies against the misuse or unauthorized access to company data are being enforced and followed. But only 35% of end users say their organizations strictly enforce those policies.
Among the other key findings were that 61% of respondents who work in IT or security roles view the protection of critical company information as a very high or high priority. In contrast, only 38% of respondents who are considered end users think it is a very high or high priority.
Asked about their organization’s attitude on productivity vs. security, 38% of IT practitioners and 48% of end users say their organizations would accept more risk to the security of their corporate data in order to maintain productivity.
“At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyber attacks and security breaches, this survey instead found an alarming decline in both practices and attitudes,” said Larry Ponemon, chairman and founder of Ponemon Institute.