10:15 PM
Survey Shows Slack Security 'Tudes

One-third of users say security policy doesn't matter, and one-fourth don't worry about security

A new survey doesn't bode well for end user attitudes about enterprise security: fewer than 40 percent of end users say they follow security policies at work and around 35 percent don't consider it important to follow those policies.

Despite the higher profile of security breaches and compliance requirements, many end users are still apathetic about security, or expect their IT department to take care of it for them, according to findings by security firm Avira in a survey of 990 end users. Around 38.95 percent of users say they comply with their company's security policies and that the whole company is careful to follow them to protect the organization.

But 35.42 percent say they have security policies, but don't think "anybody cares if we follow the policies or not," and 25.63 percent say they don't think about security at all and that it's up to the systems administrator to take care of it "so it's not my concern."

Sorin Mustaca, data security expert at Avira, says it's a people problem. "I think that despite the fact that security -- or better, insecurity -- got much publicity in the last few years, the problem lies in people. Most of the people are using computers as simple tools to do their job. They are simply too busy doing their daily jobs under stress and under tough deadlines so they don't care about security," he says.

It's only when users experience a security breach firsthand with lost data or money that they start caring about security, according to Avira.

"The attitude of more than 70 percent of people who took the survey shows us that there is a lot to do in the security industry. Security companies are still giving users too much responsibility to secure their computers and we see clearly that the users don't want this," Mustaca says. "They want to buy a security software and delegate the responsibility of performing security to that software."

Organizations aren't sufficiently schooling their users on security, either, he says. "If they would educate them, these users would participate in securing their company's assets and would care about security," he says.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
