1 in 3 Decision-Makers Say Their Company Knowingly Takes Compliance Risks
According to a survey conducted by IT security firm DataMotion, 84 percent of respondents believe employees/co-workers violate security and compliance policies for transferring files electronically, and only 45.5 percent feel these policies are fully understood. Nearly one in three respondents admit that their company knowingly takes risks because they don’t have the resources to be totally compliant. The survey finds that only 37.5 percent of respondents state they are very confident that their organization would pass a compliance audit if selected.
The survey particularly focused on those in industries that routinely deal with sensitive data and compliance regulations, such as financial services, healthcare and government.
Key highlights from the DataMotion survey include:
- Inadequate Security and Compliance Policies: Though 80 percent said their company has security and compliance policies for transferring files electronically, respondents feel they are not clearly understood or followed. Only 45.5 percent of this group feel employees/co-workers fully understand these policies, and 84 percent believe employees/co-workers routinely or occasionally violate security and compliance policies.
- Threat of Consumer-type File Transfer Services: Consumer-based applications for sharing files often have weak security and IT administrative controls, leading to potential data leakage and serious risks with sensitive information if used in the workplace. Despite this, 34.2 percent of respondents have used, or recommended that others use, free consumer-type file transfer services such as YouSendIt, Dropbox, iCloud, etc. for work purposes; 43.4 percent stated their company does not forbid the use of free consumer-type file transfer services; 52 percent said their company does not block the URLs to free consumer-type file transfer services.
- Vulnerabilities in Secure Email and File Transfer Capabilities: The ability to send sensitive information securely and compliantly via email is vital. Yet, despite growth in usage, survey data shows many companies are still lacking basic tools for secure data delivery: 34.5 percent of respondents do not have the ability to encrypt email; 28.9 percent said their company does not monitor the content of outbound email and file attachments for compliance purposes; 42.5 percent are only “somewhat” confident in the technology their company uses for filtering outbound email and file attachments for compliance purposes, and an additional 3.8 percent are not confident at all; 54 percent do not have a single tool for securely encrypting sensitive email and transferring files.
- “Rolling the Dice” on Audits: Failing to pass a compliance audit can result in costly fines and damaged reputations. Even so, the survey shows companies are taking risks, either because they lack the resources to fully comply or because they don’t feel it’s likely their organization will be audited. When asked to describe their company’s approach to compliance, 31.5 percent said they take risks because they don’t have the resources to be totally compliant; 38.6 percent of respondents feel it is not likely their company will be selected for a compliance audit in the next 12 months, with 37.5 percent saying it is only “somewhat” likely. Only 37.5 percent of respondents are very confident their company would pass a compliance audit.