Well, this is a troubling piece of news. IT Governance in the UK has released a survey this month in Data Breaches: Trends, Costs and Best Practices which will show that two-thirds of employees bypass data security in order to do their work.

The Best Practice Report looks at the global trends in corporate data breaches concerning personally identifiable information. It also considers best practices in avoiding business, regulatory and brand damage as the result of a data breach.

The survey found that 68% of employees admit to bypassing information security controls in order to do their jobs. This is a troubling statistic, perhaps pointing to a failure to understand how to implement security controls: how to balance confidentiality with availability of information. The survey indicates that security controls are being undermined and that employees are putting organizations at risk. This startling information should serve as a wake-up call to the importance of planning in information security.

The survey indicated that 82% of organizations had policies for protecting personal data, but with such a high incidence of employees deliberately circumventing the policies and procedures put in place, it would appear that the security precautions taken were unduly obstructive in design or implementation.

Other interesting findings:

• 55% of employees handling personal data have been trained in their legal responsibilities in respect of the information
• 89% of organizations cover access to personal data in security regimes
• 56% of organizations have policies to detect or report data losses
• 39% of organizations have policies to correct data loss incidents

You can see from the degradation in the above stats that companies are less prepared for data breaches in their security regimes and that, if such a data breach were to occur, they would not have policies to govern the fallout, nor in some cases to detect the breach in the first place. Both the earlier information and the above statistics show a dire need for security training at all levels of the company. To understand the importance, and legal requirements, to safeguard personal information, and to do so in such a way that is manageable for employees.

Via cambridge network Tags: security, it security, data security, security policy, security policies, security training, data management, compliance, breach, data breach, breach prevention