2018 Market Pulse Survey – When it Comes to Employees’ Cybersecurity Habits, History Repeats Itself
SailPoint has been conducting the Market Pulse Survey for ten years now, and despite the overwhelming changes in the cybersecurity industry – including the drastic increase in data breaches and the resulting impact on a company from a financial and reputational standpoint – this year’s survey found that employees’ cybersecurity habits are still not improving. In many cases, they are unfortunately getting worse. When you combine this with the new challenges ushered in by the digital transformation, the IT landscape becomes even more complex and difficult to secure.
Organizations might be making a valiant effort to keep up with the digital transformation while also balancing the sometimes-competing priorities of efficiency and security, but the same cannot be said for their employees.
For a portion of this year’s survey, we revisited some of the themes around workforce behaviors towards cybersecurity from our 2014 Market Pulse Survey. We hoped to see an improvement in employees’ actions based on the influx of data breaches and the growing concern over privacy. However, this years’ findings proved that not much has changed. In fact, the same workforce that IT is trying so hard to protect is making their job much harder by not adhering to cybersecurity best practices or good password hygiene.
In just four years, the number of employees who reuse passwords has increased almost 20 percent, which is even more concerning when you consider the domino effect that can occur from this risky action.
We also explored the digital transformation that is rushing through organizations of all sizes today and the impact it is having on IT teams as they strive to balance security with business efficiency. When you combine an IT environment that is growing more complex every day with the declining cybersecurity habits of the workforce, the collective risks become even more complicated to manage and secure.
It is no wonder that IT and the workforce are often at odds in today’s enterprise reality of competing priorities. Employees want the latest technologies to help them do their jobs, and they do not want to wait for IT buy-in. On the other side, IT teams are hard at work trying to bring employees the tools they need to work efficiently without sacrificing security in the process. This tension is evident in our survey, as 55% of employees said IT is a source of inconvenience for them.
Employees may not mean any harm when they go around IT’s security protocols, but at the end of the day, they are still creating more risk for IT teams to manage. Even worse, while employees are not interested in following IT’s mandates, they can be quick to blame IT when things go awry, which only adds to the tension between the two parties. In short, employees do not understand the critical role they play in their organizations’ cybersecurity.
Employees are not the only ones introducing risk into the workplace. With the digital transformation, new cybersecurity threats are emerging every day. One example of this is new technologies like software bots showing up in the workplace to drive efficiency. This has redefined the definition of a ‘user’ – an obvious problem when you consider that users have become the new ‘security perimeter’ today as the traditional network perimeter has all but vanished thanks to digital transformation.
While these bots may increase efficiency, they are also accessing mission-critical applications and data. However, they are often not being properly secured in the same way as an organization’s other identities like employees, contractors and partners, opening the door for hackers.
Identity-centric Cybersecurity: The Secure Path Forward
If the 2018 Market Pulse Survey findings show us anything, it is that identity governance is now more critical than ever as organizations rethink the way they approach the concerning security and identity issues we uncovered. An identity-centric cybersecurity strategy provides visibility and security across all digital identities and their access to all sensitive applications and data, helping organizations rise above these challenges and embrace the future with confidence.
Read the Full Results: Download the Report