According to a new study, over 90% of IT teams feel pressured to compromise security if it benefits their organization’s business continuity, reinforcing the narrative that remote and hybrid work practices are not conducive to a strong cybersecurity posture.
The findings come from the HP Wolf Security study, Rebellions & Rejections, that uncovers workforce security trends and looks at how IT teams have responded to the challenge of securing IT environments during the pandemic and associated work trends.
Drawn from data from a global YouGov online survey of more than 8,400 office workers who shifted to remote work and a global survey of 1,100 IT professionals, the report found that 76% of IT teams admit security took a back seat to business continuity during the pandemic and shift to remote work.
A large amount of younger employees between 18 and 24 (48%) saw security tools as an annoyance, which led to 31% trying to bypass corporate security policies to get their work done.
Another 48% of office workers said essential security measures lead to wasted time, with 64% of that younger age group agreeing.
Again, that younger age group indicated that they are less worried about cybersecurity than they are about doing their job, with 54% saying they were more concerned with meeting deadlines than exposing their organization to a data breach. Another 39% said they were unsure about their organization’s security policies, or if they even exist.
As a result, 83% of IT teams surveyed for the report said home working has become a “ticking time bomb” that could lead to a corporate network breach, the report said.
To navigate these troubling trends, HP Wolf Security has three suggestions:
- Look at securing hybrid work as the norm rather than the exception. Listen to end users and understand how security impacts their workflows and productivity, and then reevaluate security based on the needs of the business and the hybrid worker.
- Support the IT department. The last year and a half has been incredibly challenging for IT and security professionals, who were charged with a massive transition to remote work and then were faced with an onslaught of security threats. Now, they’re burned out on security, and need help from the entire organization to make cybersecurity everyone’s job.
- Make cybersecurity core to the organization. IT and security professionals are the experts, but they can’t act on behalf of end users or keep them from engaging in risky online behaviors. IT needs end users to be on the same page and engage users in more collaborative training to make cybersecurity a part of the organization’s culture.