menu icon Menu
Request Demo Contact

2018 Market Pulse Survey – When it Comes to Employees’ Cybersecurity Habits, History Repeats Itself

SailPoint has been conducting the Market Pulse Survey for ten years now, and despite the overwhelming changes in the cybersecurity industry – including the drastic increase in data breaches and the resulting impact on a company from a financial and reputational standpoint – this year’s survey found that employees’ cybersecurity habits are still not improving. In many cases, they are unfortunately getting worse. When you combine this with the new challenges ushered in by the digital transformation, the IT landscape becomes even more complex and difficult to secure.

See the Market Pulse infographic
See the Market Pulse infographic

Organizations might be making a valiant effort to keep up with the digital transformation while also balancing the sometimes-competing priorities of efficiency and security, but the same cannot be said for their employees.

For a portion of this year’s survey, we revisited some of the themes around workforce behaviors towards cybersecurity from our 2014 Market Pulse Survey. We hoped to see an improvement in employees’ actions based on the influx of data breaches and the growing concern over privacy. However, this years’ findings proved that not much has changed. In fact, the same workforce that IT is trying so hard to protect is making their job much harder by not adhering to cybersecurity best practices or good password hygiene.

In 2014, 56% of employees admitted to reusing passwords across accounts; In 2018, 75% of employees admitted to reusing passwords across accounts
In 2014, 56% of employees admitted to reusing passwords across accounts
Screens
In 2018, 75% of employees admitted to reusing passwords across accounts

In just four years, the number of employees who reuse passwords has increased almost 20 percent, which is even more concerning when you consider the domino effect that can occur from this risky action.

We also explored the digital transformation that is rushing through organizations of all sizes today and the impact it is having on IT teams as they strive to balance security with business efficiency. When you combine an IT environment that is growing more complex every day with the declining cybersecurity habits of the workforce, the collective risks become even more complicated to manage and secure.

It is no wonder that IT and the workforce are often at odds in today’s enterprise reality of competing priorities. Employees want the latest technologies to help them do their jobs, and they do not want to wait for IT buy-in. On the other side, IT teams are hard at work trying to bring employees the tools they need to work efficiently without sacrificing security in the process. This tension is evident in our survey, as 55% of employees said IT is a source of inconvenience for them.

In 2014, 20% of employees admitted to using shadow IT; In 2018, 31% of employees admitted to using shadow IT
In 2014, 20% of employees admitted to using shadow IT
Pie chart depicting 20% and 31% respectively
In 2018, 31% of employees admitted to using shadow IT

Employees may not mean any harm when they go around IT’s security protocols, but at the end of the day, they are still creating more risk for IT teams to manage. Even worse, while employees are not interested in following IT’s mandates, they can be quick to blame IT when things go awry, which only adds to the tension between the two parties. In short, employees do not understand the critical role they play in their organizations’ cybersecurity.

13% of employees would not tell IT immediately if they thought they had been hacked; 49% of employees would actually blame IT for a cyberattack
13% of employees would not tell IT immediately if they thought they had been hacked, slider 13% full
49% of employees would actually blame IT for a cyberattack

Employees are not the only ones introducing risk into the workplace. With the digital transformation, new cybersecurity threats are emerging every day. One example of this is new technologies like software bots showing up in the workplace to drive efficiency. This has redefined the definition of a ‘user’ – an obvious problem when you consider that users have become the new ‘security perimeter’ today as the traditional network perimeter has all but vanished thanks to digital transformation.

48% of employees are already using AI chatbots/personal assistants or plan to in the future
48% of employees are already using AI chatbots/personal assistants or plan to in the future

While these bots may increase efficiency, they are also accessing mission-critical applications and data. However, they are often not being properly secured in the same way as an organization’s other identities like employees, contractors and partners, opening the door for hackers.

Identity-centric Cybersecurity: The Secure Path Forward

If the 2018 Market Pulse Survey findings show us anything, it is that identity governance is now more critical than ever as organizations rethink the way they approach the concerning security and identity issues we uncovered. An identity-centric cybersecurity strategy provides visibility and security across all digital identities and their access to all sensitive applications and data, helping organizations rise above these challenges and embrace the future with confidence.
Read the Full Results: Download the Report

Discussion