- Only 39% of end users say they take "all appropriate steps" to protect company data accessed and used in their jobs, according to a study released Tuesday by the Ponemon Institute and Varonis Systems Inc.
- A similar study conducted in 2014 found 56% of end users asked the same question replied that they did take "all appropriate steps," indicating a decline in employee security hygiene practices over the last two years.
- The survey included 3,027 employees in the United States and Europe (1,371 end users and 1,656 IT and IT security professionals) from a variety of industries.
Given the dramatic rise in ransomware and other threats over the last 12 months, employee security hygiene should be getting better, not worse.
"At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyberattacks and security breaches, this survey instead found an alarming decline in both practices and attitudes," Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said in a press release.
The report also concluded organizations have more work to do to enforce policies against unauthorized use of company data. While 52% of IT respondents said they believe such policies are adequately enforced and followed, just 35% of end user respondents agreed.
The report also highlighted the difference between people in IT or security roles and end users when it comes to making security hygiene a priority. More than 60% of respondents in IT or security roles said protection of company data is a very high or high priority, while only 38% of end users agreed.
Ponemon said bridging that gap is critical.
"Major differences between the IT function and end users about appropriate data access and usage practices make it harder to reduce security risks related to mobile devices, the cloud and document collaboration," he said.