Employee Negligence a Significant Information Security Risk to Businesses in the United States, According to New Shred-it Survey

Lack of Information Security Training & Increased Workplace Mobility Contributing to Gaps in Data Protection & Security

Employee Negligence a Significant Information Security Risk to Businesses in the United States, According to New Shred-it Survey

The author(s)

  • Sean Simpson Vice President, Canada
Get in touch

Cincinnati, Ohio — A new Ipsos poll for Shred-it reveals that employee negligence poses a significant information security risk to businesses in the United States. With one in three working adults admitting to potentially risky behavior in the workplace, and nearly half of small business owners (SBOs) (42%) and C-Suites Executives at large businesses (500+ employees) (47%) reporting that human error or accidental loss by an employee/ insider caused a breach at their organization, the concerns about negligence are warranted.

Carelessness and bad employee habits can be disastrous for an organization, and yet the incidence of such behaviors is alarmingly high. Our research finds that one in four (26%) Americans in the workforce leave their computer on and unlocked when they leave work for the day. Most (65%) take notes in a paper notebook at work, yet two in five (39%) admit to leaving sensitive work documents or notebooks on their desk after departing the office for the day. By engaging in such behaviors, many Americans are routinely leaving sensitive documents and confidential information exposed and vulnerable to theft or breach.

As it turns out, nearly one in five (18%) businesses report suffering a data breach due to an employee losing or having sensitive information stolen. Employees are more susceptible to committing data breaches when working off-site, especially those working at larger organizations. In fact, close to half of C-Suites report having employees that lost or had their company laptop/ device stolen while working off-site (49%), and nearly as many report that their employees lost or had their company mobile phone (43%), electronic storage device (38%), or confidential paper documents with sensitive company information (36%) stolen while working off-site.

And yet employee negligence on its own cannot be viewed as solely responsible for data breaches, as a lack of information security training and increased workplace mobility are also contributing factors to gaps in data protection and security at US businesses. Less than four in five (78%) C-Suites and just 28 percent of SBOs plan to train their employees on information-security policies and procedures over the next year. In the digital age, workplace mobility and flexible, off-site working environments are becoming increasingly important, and are generally regarded as the way of the future. But with an evolving workplace, comes new challenges, as illustrated by the fact that most SBOs (60%) and eighty-six percent (86%) of C-Suites think that the risk of a data breach becomes higher when their employees work off-site. Despite the security risk concerns, however, only one in four (39%) US businesses have a policy in place for storing or disposing of confidential information when working off-site, including just one in three (33%) who say that this policy is strictly adhered to by all employees.

About the Study

Ipsos conducted a quantitative online survey of Small Business Owners (SBO) in the United States (n=1,003), maximum 100 employees and C-Suite Executives in the United States (n=101). C-Suite executives work for companies with a minimum of 500 employees in the United States. Data for Small Business Owners is weighted by region. Data for C-Suite Executives is unweighted as the population is unknown. The fieldwork was conducted between April 3-18, 2018. The precision of Ipsos online surveys are calculated via a credibility interval. In this case, the US SBO sample is considered accurate to within +/- 3.5 percentage points had all US small business owners been surveyed, and the US C-Suite sample is accurate to within +/- 11.1 percentage points had all US C-Suite Executives been surveyed.

In addition to the quantitative online survey, Ipsos conducted a short omnibus survey among a gen pop sample of n=1,002 Americans about data protection and security. Weighting was then employed to balance demographics to ensure that the sample’s composition reflects that of the adult population according to Census data and to provide results intended to approximate the sample universe. The precision of Ipsos online surveys is measured using a credibility interval. In this case, the survey is accurate to within +/- 3.5 percentage points, 19 times out of 20, had all Americans been surveyed. The credibility interval will be wider among subsets of the population. All sample surveys and polls may be subject to other sources of error, including, but not limited to coverage error, and measurement error.

For more information on this news release, please contact:

Sean Simpson
Vice President, Ipsos Public Affairs
+1 416 324 2002
Sean.Simpson@ipsos.com

The author(s)

  • Sean Simpson Vice President, Canada

More insights about Technology & Telecoms

Society