Increasingly complex user environments in most businesses typically present greater security challenges, according to research by the Information Security Forum (ISF).
Social networking technologies, mobile devices and a more tech-savvy workforce are all contributing to this complexity, the research found.
Vast differences in the knowledge, behaviour and actions of end users in this environment create further security risks, according to the research report.
Disparate end user environments are subject to factors such as diverse cultures and different operating conditions.
This makes managing information security extremely difficult, compounded by the variety of corporate-issued and personally-owned devices and a blurring of the boundaries between work and personal computing, the report said.
Generation Y employees entering the workplace typically want to configure their own user environments, installing software such as applications for social networking, instant messaging, peer-to-peer networking and VoIP, the research found.
Organisations need to empower employees to take more personal responsibility for protecting critical and confidential information, the ISF said.
Organisations need to recognise that the information security function cannot provide all the protection necessary without a complete lock down, said Mark Chaplin, senior research consultant at the ISF.
"Instead, much of the responsibility lies in the end user environment where more focus needs to be placed on education and awareness to create a culture where employees are empowered to protect corporate information as well as their own personal data," he said.