In our recently released 2013 Mobile Enterprise Risk Survey, we saw shocking insight on how enterprise workers believe “security is not my responsibility,” with most employees valuing corporate data on their phones at less than $500.
Our research shows that 25% of employees believe there should be no punishment if they leak corporate data since it’s “not their responsibility,” and our findings show that most people who do leak data are not punished. How much of this is lax employee attitude and how much of this is a lack of corporate education and training on both the importance of data and on how to protect it? Our study found that 23% of employees had no idea what to do if a work device is lost or stolen, so clearly there is a knowledge disconnect.
But our study is just one, right? Well, other research has indicated this same apathy for security, this same sense that it’s "someone else’s problem” or that “it can’t happen to me."
Newtek Reports 67% of independent business owners are not concerned about credit card security, despite recent breaches; most had no knowledge of credit card security options. A survey from McGladrey found that 68% of business executives believed their computer security faced “little or no risk,” showing a misconception on risks, mostly build on a mistaken belief that they have no data of “value” to thieves. Shred-it ran their own survey, showing that 30% of small and medium-sized enterprises (SMEs) had never trained employees on information security, with another 38% only doing so on an ad-hoc basis. 22% of these SMEs were unaware of compliance or legal requirements affecting their businesses.
As pointed out recently on the ABA Banking Journal, we’ve seen some pretty significant data breaches in the past few months where known exploits were used, where for reasons unknown the protection of data was not given high enough priority to get these exploits patched, showing apathy of another kind in protecting data.
Given all of this, it should come as no surprise that a recent HyTrust poll showed that 72.5% of consumers don’t believe organizations care about keeping private data safe and secure. This erosion of trust has to hit the bottom line, but it doesn’t have to. With foresight, planning, the right solutions and ongoing employee training, enterprises can regain control over the management of data and reaffirm to consumers the efforts being made to regain their trust.