Most security professionals believe employees play an important role in IT security, yet 64% of UK workers are given no IT security training in the workplace.
But despite the lack of IT security training, the survey of 700 UK workers by Guidance Software reveals most employees take a responsible approach when it comes to protecting corporate data.
Some 61% believe all employees have a role in protecting company data. Half believe employees should not connect personal devices to the corporate network, while only 16% believe it is the sole responsibility of the IT department to enforce policies to protect sensitive data.
"What is most concerning about this data is the chasm that exists between businesses and their employees," said Frank Coggrave, v-p of EMEA sales at Guidance Software.
Hackers and criminals are becoming more effective at evading traditional security measures, so everyone must be informed, observant and vigilant, Frank Coggrave says.
"IT leaders need to recognise that employees can become a security risk or an important ally in protecting against loss or theft of data or malware, which can have huge financial consequences," he said.
According to Guidance Software, organisations experience between 5,000 to 10,000 malware attacks each day, but 23% of respondents did not believe protecting sensitive data was even an issue in their workplace.
"While it is encouraging that most employees recognise they have a part to play in data protection, almost one in four clearly does not even see that security is an issue," said Coggrave.
Organisations must provide security education and guidance to employees, he says, so that employees are clear about the role they play in protecting sensitive data.