Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


‘Rogue employees’ are the biggest threat to information security

Rogue employees continue to be the biggest threat to information security, according to 37 percent of IT professionals polled at Infosecurity Europe 2014. The poll, conducted by BSI, the business standards company, investigated perceived threats to information security and how businesses are responding.

The poll found that, despite taking measures to combat the risks, 37 percent of businesses still see employees as the biggest threat to information security, ranking the insider threat higher than cyber-attacks (19 percent) and bring your own device (BYOD) (15 percent).
In order to reduce the risk to their business, over half (52 percent) have implemented an internal information security policy, 47 percent have provided staff training and 63 percent are either certified (29 percent) or operating in compliance (34 percent) with ISO 27001, the international Information Security Management System Standard. A further 23 percent indicated they were looking to certify in the immediate future.

However, confidence in security measures to protect against risks is relatively low, with under half (46 percent) stating they are confident in the measures their firm has taken. One in ten are not confident at all, yet, unsurprisingly, in organizations that are certified to ISO 27001 the level of confidence in security measures rises to 78 percent.

“It’s no surprise to see insider threats as the biggest risk to information security as employees will always be the one thing that cannot be controlled,” said Suzanne Fribbins, Risk Management Expert at BSI. “Employees don't necessarily have to be malicious to put a company at risk; they may just not understand the possible risks associated with their actions. Research has shown that effective staff training can halve the number of insider breaches, by ensuring employees understand the importance of information security and their role in protecting businesses critical information.”

Commitment from senior management is essential if an organization is to manage information security effectively. Encouragingly, 73 percent of respondents believe senior management is dedicated to information security. But 54 percent do not feel the necessary resources are allocated to it, despite this being one of the key ways in which top management can demonstrate its commitment to protecting the confidentiality, integrity and availability of information.

The poll also found that over three quarters (77 percent) of organizations are increasingly being asked for ISO 27001 as a customer requirement when bidding for new business.


• Date: 14th May 2014 • UK / World • Type: Article • Topic: ISM
