IT staff may not be getting the message across to their colleagues about the dangers of data security.
People in organisations across the UK may be taking unnecessary risks with data because they are underestimating the security threats against them.
This is the suggestion of a new poll carried out all over the world by the Ponemon Institute and Tripwire, which found that IT professionals are struggling to communicate effectively with senior executives about security issues.
Around half of respondents thought security metrics – the application of standards for measuring information security attributes – were not doing the job, even though 73 per cent agreed they were important as part of a risk-based security programme.
When asked how well they are communicating facts about security to employees, 47 per cent of IT professionals said they feel they are "not effective".
Some 42 per cent said they often don’t have time because more pressing issues come up, a similar proportion said they only tend to pass on information when there has already been a threat to data protection, while 13 per cent said senior executives are not interested.
The researchers said that finding new ways of bridging this communications gap is crucial if there is to be more widespread adoption of data security programmes.
Reducing apathy and the idea that security threats will not happen among employees may be a crucial first step.
A recent study published by The Register found the most commonly leaked password in 2012 was ‘password’, followed by’123456′ and ‘12345678’.
Elsewhere, a poll by Lieberman Software discovered that British employees may be deliberately ignoring the rules on data protection in order to save time.
Both of these suggest that people are not taking the threat of cyber attacks seriously and could be leaving their organisations open to having potentially sensitive data stolen.
Businesses could start to take steps to improve security by bringing in online hosting solutions such as those from Dajon, which store documents remotely and keep them safe from prying eyes. Password protection will also mean that only authorised personnel can access the paperwork.