Information Age: News, analysis & insight for IT & business leaders

Staff remain the weak point when it comes to protecting an organisation's data, according to a new poll

Human error is the number one threat to a company’s IT security, according to a poll of IT directors conducted by YouGov.

Despite the common public perception that the greatest risk to corporate data security comes from the external hacker breaking in and stealing sensitive data, 86% of IT directors regard the greatest threat as coming from their colleagues ignoring security policies (31%), making mistakes (37%), having insufficient training (13%) and committing industrial espionage (5%).

The survey of over 200 IT directors found that the results were similar regardless of the size of the company or where it was located.

The fears are well founded. Recently the Home Office tore up a £1.5 million IT contract with PA Consulting after an employee lost a memory stick containing personal details on thousands of prisoners, despite that employee contravening PA Consulting’s own security policies.

“For security rules to be adopted, users need to understand why they are important, and what the rules mean to them personally and professionally,” says Andreas Asander, vice president of product management at network security firm Clavister, which backed the research.

“The purpose of a security policy is rather simple – to keep malicious users out of a network while monitoring potential risky users within an organisation," he said. "To ensure compliance, however, is no simple task.”

Further reading

The inside job
High-profile data losses are forcing organisations to tackle culprits operating inside the firewall

PA Consulting data loss sacking 'is a lesson to all suppliers'
The Home Office has severed a contract with PA Consulting after an employee lost a USB stick containing sensitive data

Find more stories in the Security & Continuity Briefing Room