Due to the lack of a clearly defined security strategy, IT decision makers (ITDMs) risk losing the trust of knowledge workers.
Code42's 2016 Datastrophe Study covered over 400 ITDMs, including CISOs and CIOs within companies of 500+ people, as well as 1,500 knowledge workers, including CEOs, team leaders and employees.
The study found that 67 percent of knowledge workers don't feel their company has a clearly defined bring your own device (BYOD) policy in place; however, 65 percent of ITDMs believe that they do.
A quarter (25 percent) of knowledge workers don't trust their IT teams/employers with their personal data. Over a third (36 percent) of knowledge workers think the company they work for may be at risk of a data breach in the next year.
Knowledge workers feel that their company's biggest challenges are insider threats (18 percent), constantly evolving threats (20 percent), unwitting employee behaviour (33 percent), and cyber-threats/hackers (44 percent). On the other hand, ITDMs say the top challenges are encryption, the constantly evolving threat landscape, gaining visibility of threats (eight percent), cyber-security (13 percent), data privacy (13 percent), and data protection (17 percent).
“It's interesting to see that one in five knowledge workers and one in three ITDMs admit insider threats and unwitting employee behaviour are some of the biggest challenges faced by IT teams today,” said Rick Orloff, CSO at Code42.
In the UK, 69 percent of ITDMs said the GDPR will affect the way that they purchase and/or provision data protection and security tools/solutions.
Close to three-fourths (74 percent) of knowledge workers say that their IT team's ability to protect corporate and customer data is of utmost importance to the brand reputation of their company. Meanwhile, 36 percent of ITDMs in companies of over 500 employees don't have a data protection (backup) strategy or solution in place.
“CISOs need to stop being the custodians of security and start taking the position of service providers and consultants to the business. While decisions around IT projects should be driven by the business, lines of business managers should be working closely with their CISOs to ensure each project they complete measures up to the rigours of modern enterprise security. It's no longer enough for the general IT team to give advice—often based on what they ‘can’ or want to provide—on information and data security,” commented Phil Cracknell, founding member of ClubCISO.