informa
/
Risk
Quick Hits

Survey Shows Slack Security 'Tudes

One-third of users say security policy doesn't matter, and one-fourth don't worry about security
A new survey doesn't bode well for end user attitudes about enterprise security: fewer than 40 percent of end users say they follow security policies at work and around 35 percent don't consider it important to follow those policies.

Despite the higher profile of security breaches and compliance requirements, many end users are still apathetic about security, or expect their IT department to take care of it for them, according to findings by security firm Avira in a survey of 990 end users. Around 38.95 users say they comply with their company's security policies and that the whole company is careful to follow them to protect the organization.

But 35.42 percent say they have security policies, but don't think "anybody cares if we follow the policies or not," and 25.63 percent say they don't think about security at all and that it's up to the systems administrator to take care of it "so it's not my concern."

Sorin Mustaca, data security expert at Avira, says it's a people problem. "I think that despite the fact that security -- or better, insecurity -- got much publicity in the last few years, the problem lies in people. Most of the people are using computers as simple tools to do their job. They are simply too busy doing their daily jobs under stress and under tough deadlines so they don't care about security," he says.

It's only when users experience a security breach firsthand with lost data or money that they start caring about security, according to Avira.

"The attitude of more than 70 percent of people who took the survey shows us that there is a lot to do in the security industry. Security companies are still giving users too much responsibility to secure their computers and we see clearly that the users don't want this," Mustaca says. "They want to buy a security software and delegate the responsibility of performing security to that software."

Organizations aren't sufficiently schooling their users on security, either, he says. "If they would educate them, these users would participate in securing their company's assets and would care about security," he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5