A survey of 300 IT Security professionals has revealed that the board of directors are most likely to ignore or flout security policies and procedures, with 42% cited as frequently ignoring them. That’s according to a survey released today by Cryptzone, Europe’s IT Threat Mitigation specialists. Over half of respondents were convinced that senior management believes that “the rules don’t apply to them” when it comes to respecting IT security policies and procedures.
Ironic, since senior people often have access to the most sensitive information.
“This is a tough problem. Seeing wanton disregard at a senior level for the policies and procedures put in place to protect an organization is infuriating, and a real challenge for the CISO who must balance the needs of a business with the requirement to protect assets,” said Nigel Stanley, Practice Leader for Security at Bloor Research.
He added, “I consider the starting point for all security measures to be a governance statement signed by the board, at least with this you have some comeback if senior managers and directors aren’t playing ball.” (You can download the Perceptions of Security Awareness Study here.)
I would venture to guess it’s the same in other parts of the world too. Take our poll and let us know what it’s like in your organization.