Employee negligence, which may be caused by multitasking and working long hours, can result in insider threats and cost companies millions of dollars each year, according to a survey commissioned by Raytheon|Websense and conducted by Ponemon Institute.
Germany is often seen as being on the cutting edge of deploying security technology and strictly enforcing security policies. The purpose of the survey was to determine if cultural differences in the workplace would impact how German and U.S. IT security practitioners manage insider threats, and to determine if and how characteristics of negligent insiders differ between the two countries.
Errors cost big bucks
Ponemon surveyed IT and IT security practitioners in both the U.S. and Germany, finding that it can cost a U.S. company as much as $1.5 million in time wasted responding to security incidents caused by human error. German companies could see a corresponding loss of €1.6 million.
The research also revealed that 70% of U.S. survey respondents and 64% of German respondents report that more security incidents are caused by unintentional mistakes than intentional and/or malicious acts.
While there are similarities in how U.S. and German organizations perceive insider threats, there are also clear cultural differences in the causes of unintentional insider risk.
German respondents are more likely to agree that their organizations do not have the necessary safeguards in place to protect against careless employees (54%). U.S. respondents reported that employees are not properly trained to follow data security policies (60%) and that senior executives do not consider data security a priority (50%).
"Maliciousness is tagged as the leading cause in insider threat discussions, but the impact of negligence cannot be overlooked," says Ed Hammersla, president of Raytheon|Websense. "As the Ponemon study reveals, security incidents are caused by negligence, which leads to a decrease in IT productivity. Workplace stress, multitasking, long hours, and a lack of resources and budget are the biggest contributors to employee negligence. Having programs in place that include a mixture of training, policy, and technology are vital to addressing insider threats before they become a major issue."
Warning signs abound
Additional key findings include:
• Unintentional employee negligence severely diminishes productivity of the IT function, according to 73% of U.S. respondents and 67% of German respondents.
• Long hours and multitasking are red flags for risk. Multitaskers are more likely to be careless or negligent, according to 79% of U.S. respondents and 81% of German respondents.
• Fences versus watchdogs. German respondents are more likely to limit practices that can create unintentional risk (55%), while their American counterparts prefer to monitor employees' behavior (63%).
• Job is a time drain. In both the U.S. and Germany, IT security practitioners spend an average of almost three hours each day dealing with the security risks caused by employee mistakes or negligence.
• You know your top risks. Both German and U.S. respondents report ordinary users, contractors, or third-parties pose the biggest threat to security.
Download Ponemon Study: The Unintentional Insider Risk In United States And German Organizations [Registration required]