© Copyright ClearPath Benefits

Information Security Risk in American Business

Originally posted by https://www.strozfriedberg.com

Employees Believe Company and Information is at Risk

American businesses  need to fortify their  protections against information security threats. In a recent flash survey  of American office workers, Stroz Friedberg explored the state of information security in U.S. businesses.  The reality is rather bleak.

More  than  half  of  respondents gave  corporate America’s response to cyber threats a grade C or lower. Nearly  three-quarters of respondents expressed concerned that a hacker  could break  into  their employers’ computer networks and steal their  personal information.

Worst Offenders in High  Risk Electronic Behavior are Senior  Managers

But many  respondents also admitted to engaging in high-risk behaviors, such as uploading work files to their  personal email  and  cloud accounts, and  accidentally sending sensitive information to the wrong person.  Senior management—those who often have high levels of access to valuable company information—admitted to partaking in risky  behaviors most readily. Personal  technology preferences contributed to many  of the transgressions.

One bright spot  is the efficacy of company policy. Workers who  said they  did not  participate in high- risk behaviors cited strict company policy as the reason  why.

When  company information gets  into  the  wrong  hands—whether it’s due  to a careless  insider,  a malicious insider,  or a hacker—a business  can lose the trust of its customers, partners, and investors, as well  as its  competitive  advantages. Knowledge about real-life risks  in  the  workplace and  how companies are successfully managing high-risk behaviors can help business leaders better understand how  to protect their  firms.

Senior Managers are the worst information security offenders

  • 87% of Senior Managers regularly upload work files to a personal email or cloud account
  • 58% have accidentally sent the wrong person sensitive information (vs. only 25% of workers overall)
  • 51% have taken files with them after leaving a job – twice as many as office workers in general

Senior management generally has more access to valuable information than lower-ranking employees. All three behaviors increase the risk of proprietary information getting into the the wrong hands.

Personal tech preferences are increasing information security risks

  • Nearly 3/4 of office workers upload work files to a personal email or cloud account. Of those…
  • 37% (the majority) say it’s because they prefer using their personal computer
  • 14% say it’s because it’s too much work to bring their work laptops home

Office Workers Don’t Know the Risks

  • 11% of workers who don’t send work files through personal accounts are aware of company policies against doing so
  • Only 37% received mobile device security training
  • 42% received information sharing training

With the proliferation of bring-your-own-devices (BYOD) in the workplace and the use of personal technologies for work, employees need more training and policies to keep information secure.

Employees are worried about the security of their personal information

  • 73% of all office workers are concerned a hacker could steal their personal information such as their Social Security number, birthday, or home address
  • Just 6% said they weren’t concerned at all
  • 61% think that companies deserve a C grade or less for cyber security

Employees in general don’t feel that their own sensitive information is safe in their company’s network – which isn’t surprising considering the overall lack of confidence in corporate America’s ability to protect against cyber threats.

Senior Leadership Rate Themselves Poorly in Cyber Security

  • 45% say that they themselves are responsible for protecting companies against cyber attack
  • Yet, 52% of senior leadership give corporate America’s response to cyber threats a grade C or lower.

Fortunately for them, others think cyber security responsibilities fall elsewhere

  • 54% of lower-ranking employees say that it’s IT’s problem.

The reality is, the responsibility for information security falls on everyone across an organization, but companies that do it most effectively have security ingrained in their culture,starting from the top.


This Stroz Friedberg report was conducted by KRC Research. Between the dates of October 28, 2013, and  November 4, 2013, KRC Research  administered  an online  survey  to 764  information workers in the  United States who  use a computer for their  jobs  and work for companies with more  than  20 employees. The proportion of respondents who  work for small, medium, and large  businesses  match those  of the U.S. Census Bureau  in order to produce a realistic picture of American business.

“Senior Managers” refer   to titles above Vice  President; “Managers”  refer   to Directors and  Vice Presidents; “others” incorporates all other workers fitting the methodology profile.

All results  are represented by percentages. Percentages may not  total 100% due to rounding.