According to a survey of Computer Weekly's Infosecurity User Group members, IT departments have failed to push security up the business agenda through awareness campaigns.
Fewer than half (46%) of the user group member companies have implemented a security awareness campaign, and of those only 32% considered that their campaigns were successful. The main reasons for failure were lack of management support, staff apathy, and lack of budget. Yet members confirmed that nearly all their campaigns are set to continue.
Infosecurity User Group chairman Martin Smith said, "Awareness can be considered as the oil that lubricates the security machine. Without the active support of the workforce, all security plans are doomed to failure.
"The vast majority of personnel are happy to follow the rules, provided they understand why. Yet this straightforward and inexpensive weapon in our armoury is too often ignored or done on the cheap," he added.