According to new research from network security vendor Palo Alto, one in five people working in the finance and insurance sector admitted to ignoring cybersecurity policies.
This comes as a surprise, given that financial services are not only among the most heavily regulated industries when it comes to protecting data but also among the organisations most targeted by hackers and insider threats.
We might also assume that, at the lower levels of a company, this lack of concern comes from workers not understanding the nature of the threat or the policy put in place to protect against it. In fact, one in four executive employees admitted that they had knowingly exposed their company to potential threats.
Given the number of high-profile attacks and breaches covered in detail by mainstream media, why would attitudes be so lax? There are a couple of potential causes.
Most employees today are savvy enough to realise that there may be an online tool that can help them be more productive than some of the legacy systems in place at an established finance company. So whilst the motives are good, the outcome is a risk for their employer.
Effective information security combines educating those who have access with an effective set of policies and technologies. The only way for a policy to work is to ensure that employees are educated by the business and understand the importance of security. And the only way for technology to work is when it’s engineered not to make life impossible for those who need to use it.
Maybe there is a little too much focus on how technologies will reduce risk and not quite enough on convincing employees that they are as capable of being part of the solution as of exacerbating the problems of securing data.