Security is critical to business operations. The disruptive impact of ransomware attacks has made this clear. But if employees don’t understand the goals and reasoning behind their organization’s security policies – and if technical controls are too obtrusive – this can lead to apathy, resentment and even circumvention.
Our latest HP Wolf Security study – Rebellions & Rejections – uncovers worrying workforce security trends, examining how IT security teams have responded to the challenge of securing remote workers during the pandemic, and how employees have behaved. The research draws on data from a global YouGov online survey of 8,443 office workers who shifted to remote work during the pandemic and a global survey of 1,100 IT decision makers (ITDMs), conducted by Toluna.
Apathetic, Frustrated and Increasingly Rebellious
ITDMs reported widespread security challenges caused by the shift to remote work. For example, nearly all (91%) respondents described feeling pressured to prioritize immediate business continuity over security. Making matters worse, their attempts to update security measures led 80% to report that they faced opposition from users. This was particularly true for employees aged 18-24 – digital natives who feel increasingly frustrated with security getting in the way of deadlines, with nearly a third (31%) admitting that they have tried to circumvent security controls.
“If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.” – Ian Pratt, Global Head of Security for Personal Systems, HP Inc.
- 76% of IT teams polled admit security took a back seat to business continuity during the pandemic, while 91% felt pressure to compromise security if it benefitted business continuity.
- Almost half (48%) of younger office workers (18-24 years old) surveyed viewed security tools as a hindrance, leading to nearly a third (31%) trying to bypass corporate security policies to get their work done.
- 48% of office workers surveyed agreed that seemingly essential security measures result in a lot of wasted time – rising to 64% among those ages 18-24.
- Over half (54%) of 18–24-year-olds were more worried about meeting deadlines than exposing their organization to a data breach; 39% were unsure what their security policies say, or are unaware if their company even has them – suggesting growing apathy or a lack of awareness among younger workers.
- As a result, 83% of IT teams surveyed believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.
The report highlights how security controls often create friction for users, creating resentment and leaving security teams feeling dejected and rejected:
- 80% of IT teams experienced objections from users who do not like controls being put on them at home; 67% of IT teams said they experience complaints about this weekly.
- 83% of IT teams said trying to set and enforce corporate policies around cybersecurity is impossible now because the lines between personal and professional lives are so blurred.
- 80% of IT teams said IT security was becoming a “thankless task” because nobody listens to them.
- 69% of IT teams said they are made to feel like the “bad guys” for imposing restrictions.
Reducing User Friction and Bolstering Security Culture
As well as describing workforce security trends in the report, we share our recommendations for reducing user friction by implementing security controls with transparency, usability and digital transformation in mind. We also offer suggestions on how to build a collaborative security culture, which is vital because because effective security governance relies on employees complying and engaging with security policies.
“To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.” – Joanna Burkey, Chief Information Security Officer (CISO), HP Inc.
HP is helping organizations to secure the hybrid workplace by delivering transparent and unobtrusive endpoint security. With HP Wolf Security organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. It enables security teams to deploy user-friendly tools and help to ease restrictions, while also providing defense-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect businesses.
About the Research
The report is based on:
- A Toluna survey of 1,100 IT decision makers in the UK, the US, Canada, Mexico, Germany, Australia, and Japan. Fieldwork was undertaken between 19th March – 6th April 2021. The survey was carried out online.
- A YouGov survey of 8,443 adults in the US, the UK, Mexico, Germany, Australia, Canada, and Japan who used to be office workers, and worked from home the same amount or more than before the pandemic. Fieldwork was undertaken between 17th – 25th March 2021. The survey was carried out online.
- The 2020 Cybersecurity Threat Landscape for Remote Workers as a Result of the COVID-19 Pandemic report from KuppingerCole, conducted in March 2021. This provided context and analysis of the changing work landscape in 2020 as a result of the COVID-19 pandemic, focusing on the activities and practices of companies and employees globally, as well as how malicious actors exploited weaknesses arising from changing working patterns.
Download the Rebellions & Rejections Report
Download the report: HP Wolf Security Rebellions & Rejections