A high percentage of IT personnel admitted to not following the same security protocols they are expected to enforce, according to Absolute Software. Of those surveyed, 33% of respondents admitted to successfully hacking their own or another organization and 45% admitted to knowingly circumventing their own security policies.
The report found that security remains at the top of the IT spending list, with 87% of respondents expecting increased investment in security this year. Despite prioritizing security and increasing budgets, IT managers believe that employees or insiders represent the greatest security risk to an organization (46%).
This may be related to the fact that on average, 33% of all security protocols are not being followed by staff. It may also explain the high number of security breaches, with 38% of respondents experiencing a data breach within the past year.
IT decision makers also bear the brunt of responsibility. Of those surveyed, 78% believe IT managers are primarily responsible for the organization’s security. The report also showed that 65% of IT decision makers believe they would likely lose their job in the event of a security breach.
The age of the IT respondents also impacted the results, with younger professionals demonstrating a more optimistic and confident outlook for IT security.
Younger professionals demonstrate more cavalier behavior
- Most likely to hack their own organization: IT professionals aged 18-44 (41%), IT professionals 45+ (12%)
- Most confident in containing a data breach: IT professionals aged 18-44 (92%), IT professional 45+ (79%)
- Most comfortable with staffing levels in order to provide effective IT and data security: IT professionals aged 18-44 (89%), IT professionals 45+ (75%).
The online survey was conducted from October 28, 2015 – November 11, 2015, among 501 U.S. adults age 18+ who met the following criteria:
- Worked in an information security role and hold one of the following positions: IT Director/Executive, IT Manager, IT Administrator, IT Security, or Other IT / information security management role
- Employed by a company with 50 or more employees.