Nearly eight out of 10 public sector employees ignore information security policies and indulge in insecure behaviour, according to a survey of IT and information security managers in 1,000 large and medium firms in the public sector, finance, law, manufacturing and media sectors.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The research, conducted by SafeBoot, a supplier of mobile data encryption technology, was done before a spate of revelations of data leakage headed by the HMRC's loss in the post of personal and banking details of 25 million child benefit recipients.
Overall, the research showed 59% of firms spent less than 10% of their IT budgets on security, even though 82% (88% of public sector firms) had a security policy. Most firms communicated the policy using memos (34%) and e-mail (29%).
Some 54% of respondents said at least half of their employees ignored the firm's security policy. But this rose to 79% for public sector staff.
Staff who ignore the policy (39%) do so because they do not take it seriously. One in five is ignorant of the threat posed by data leakage however, this rises to 51% for public sector staff.
Public sector staff scored worse that private sector staff in nearly every category of unsafe behaviour. Nearly nine of 10 would open unknown e-mails compared with seven out of 10 on average. Three-quarters would connect an external device such as an iPod or digital camera to their work PCs, and 71% would download company data. Nearly six of ten used unencrypted USB memory devices, and 35% transported data unencrypted on mobile devices.
In your opinion what percentage of employees ignore your security policy?
% Response Overall Finance Public Sector Legal Manufacturing Media
10 - 25 per cent 19 37 3 44 5 6
25 - 50 per cent 27 14 18 32 32 39
50 - 75 per cent 38 32 56 18 48 36
75 - 100 per cent 16 17 23 6 15 19