In the study, which was conducted by Ponemon Institute and sponsored by Palo Alto Networks, end users were confronted with "breaches" -- such as data losses or malware -- affecting the Internet applications they use each day. The idea was to see how their online behavior would change as a result of hearing about the breach.
The result: 45 percent continued using the application without any change in behavior. Nineteen percent curtailed their use of the application, but continued to use it. Only about one-third of users stopped using their Internet apps after learning of a breach involving those apps at their site.
"What this says to us is that a lot of insecure behavior occurs not because users are trying to do malicious things or personal things, but because they're trying to do their jobs," says Chris King, director of product marketing at Palo Alto. "In the real world, business trumps security."
Some 78 percent of organizations in the study had specific policies against the use of specific Internet applications, yet nearly half (48 percent) of IT respondents did not know whether employees were using the prohibited products. "The Ponemon study confirms what we've suspected from our own research -- that a lot of organizations have security policies, but don't have the means to enforce them," King says.
The study is scheduled to be released on Monday by Ponemon and Palo Alto.