1 in 6 IT pros admit to hacking – and 28% knowingly circumvent security policies
New research paints a telling picture of the current state of IT security within UK organisations
Short of time?
One in six IT managers admit they have hacked their own or another organisation, according to new research.
In a study of 513 UK IT and infosecurity directors and managers, 28% admitted to knowingly circumventing their own security policies.
The report, by Absolute Software, found that security remains at the top of the IT spending list, with 73% of respondents expecting increased investment in security this year.
But despite prioritising security and increasing budgets, half of the respondents said employees or insiders represent the greatest security risk to an organisation.
This may be related to the fact that, on average, 36% of all security protocols are not being followed by staff, according to the survey.
It may also explain the high number of security breaches, with 30% of respondents experiencing a data breach within the past year.
IT decision makers bear the brunt of responsibility. Of those surveyed, 66% said IT managers are primarily responsible for the organisation’s security.
The report also showed that 58% of IT decision makers believe they would likely lose their job in the event of a security breach.
The age of the respondents impacted the results, with younger professionals demonstrating a more optimistic and confident outlook for IT security.
More than a fifth of the IT pros aged between 18 and 44 that were surveyed admitted to hacking their own organisation, compared to 6% of over-45s.
“Given that IT is the security gatekeeper for an organisation, it was alarming to see such high incidents of non-compliant behaviour by IT personnel,” said Stephen Midgley, VP of global marketing at Absolute Software. “Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring.
“Despite marked improvements, businesses are still very susceptible to attack. The gaps in current data breach response plans and in upholding general best practice policies must be addressed.”