Cisco Security recently released their 2011 Connected World Technology Report which was released in 3 chapters over the last couple of months. The report aims to understand how companies need to balance business needs and risk management with the next generation of employees' technology expectations and behaviour. Very few reports are forward-looking in terms of the impact of the changing workforce, so this is a great resource to help you plan for the future.
In regards to IT security, 70% of employees admitted to knowingly breaking IT policies on a regular basis with 61% believing they are not responsible for protecting corporate information and devices. This shows a huge disconnect between IT security and employee training and practices.
Reasons for not adhering to company policies include not believing they are doing anything wrong, needing to access programs or applications for work, knowing policies are not enforced, or not taking time to think about policies while working.
Most respondents believed that IT policies do not address real-life demands for flexibility at work, particularly when it comes to mobile devices and social media. Indeed, employees admitted they would take a lower-paying job if they had control over device choice and flexibility in social media use.
Other risky behaviours showcased in the study include using unknown wireless connections, letting others use corporate laptops without supervision and leaving devices unattended in public. Currently, college students exhibit higher rates of risky behaviours than the current young professional workforce indicating that companies face growing risks in these areas.
These findings, included in Chapter 3 of the report, can be read more in detail on their website or this PDF. Cisco prepared a video on their Report including some tips on how to better train employees who lack respect for IT policies and data.