One-Quarter of IT Security Pros Say Employees Are Not Adhering to Security Policies and Processes, Despite Growing Threats

Fifty percent of organizations have increased cybersecurity and data protocols over the past two years but still struggle with compliance.

Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced new findings from the Apricorn 2022 Global IT Security Survey, which revealed that organizations have adapted security policies to accommodate hybrid work, but they are still at risk due to employee compliance and lack of security awareness-particularly when data is on the move between work locations. In the survey, nearly 400 IT security practitioners across North America and Europe responded to questions about security practices and policies during remote/hybrid working conditions. 

Eighty-one percent of respondents noted that remote working is now a standard practice within their organization, with half of all respondents revisiting and updating data security policies and processes that they put in place two years ago when remote work programs were hastily deployed. The risk of moving of data between work locations was highlighted by the fact that the majority of respondents (82%) said that encryption should be required to secure USB storage devices, but only 34% say encryption is mandated within their organizations to protect data on the move. 

Employee compliance is a concern survey respondents need to address. One-quarter admit that employees are aware of IT security policies for remote work but are not adhering to them. When remote policies are not followed, it is usually due to employees not prioritizing security practices despite being informed about them (51.8%) or because they are using personal devices (40.16%). Additionally, employees may not be fully aware of the risks their activities pose to the company. Despite growing threats, only 27% of respondents say that employees believe they are at risk of being exploited by attackers to access company data, and 72% believe that either they are adequately protected by existing protocols or they are too small to be a target.   

"Now that organizations have settled in and have adapted to hybrid work environments, IT security depends on the culture of the company and employee compliance now more than ever," said Kurt Markley, U.S. Managing Director, Apricorn. "IT security professionals shared that nearly three-fourths of remote employees don't feel they are at risk of being targeted or successfully attacked. This demonstrates that there is a need for a stronger security culture among employees working outside of the corporate firewall. Protecting against cyber threats is not just an IT or security team issue - it's a company issue."

Opportunities to improve security culture within organizations are apparent. Eighty percent of organizations have changed their priorities in terms of compliance and security due to the pandemic. IT security professionals have expressed a desire for stronger security policies but those expectations aren't always being met. Almost 40% say their IT department does not have the tools to monitor and enforce policies. However, they are making progress where they can with 56% of organizations reinvesting in employee education while 83% have continually reinforced policies with employees.

"As organizations experience gaps in employee compliance, many are stepping up in terms of education, which is key to elevating the culture of security in hybrid workplaces," added Markley. "The trust employees have in their organizations' security protocols is encouraging, but it's important they do not get complacent. Hybrid work may be normalized, but cybersecurity threats are always evolving. Continued policy updates and employee education and buy-in will remain of critical importance to hybrid workforce data security."

Background info: 

Apricorn surveyed nearly 400 (397) IT security practitioners across the globe over a two-week period from March 21-April 4, 2022. The respondents are experienced or veteran IT security professionals: 83% of respondents have more than five years working in security IT, with 45% of them working in the field for 16-20 years. They cross the gamut of vertical industries, with the top five verticals representing healthcare (14%), IT (14%), Education (14%), Financial Services (10%) and Manufacturing (10%). With regard to their role in their organization's IT decision-making, 64% either help make the final decision or are the sole decision-makers. Additionally, more than a third (34%) of respondents work at large organizations with more than 3,000 employees. 

About Apricorn 

Apricorn provides secure storage innovations to the most prominent companies in the categories of finance, healthcare, education, and government throughout North America and EMEA. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Founded in 1983, numerous award-winning products and patents have been developed under the Apricorn brand as well as for a number of leading computer manufacturers on an OEM basis.

Source: Apricorn