The findings of the study, conducted by security vendor Trend Micro, which was completed in the United States, Germany and Japan, highlights a tendency for online workers to rely on their IT departments to protect them from malware and other online threats.
The study, conducted in July 2005, featured more than 1,200 corporate end users across the three countries who responded to an online survey. Of the many findings, perhaps the most significant was the correlation between the presence of an IT department and end-user confidence in the security they expect against viruses, worms, spyware, spam, phishing, and pharming. These expectations often result in riskier online behaviour that exacerbates IT's challenge to protect business operations from increasingly unpredictable threats.
Of those who responded, 39% of enterprise end users believed that IT could prevent them from falling victim to threats like spyware and phishing. This belief prompted many of them to admit bolder online behaviour. Of those who admitted to engaging in bolder online behaviour, 63% acknowledge that they are more comfortable clicking on suspicious links or visiting suspicious Web sites because IT has installed security software on their computers. 40% of those who admitted to engaging in riskier online behaviour said it was because IT was available to provide support if problems occurred.
"Although end users have expectations of IT to educate and protect them, they may not always help in overcoming network security challenges. In fact, they could make it more difficult," said Max Cheng, executive vice president and general manager of Trend Micro's enterprise business segment. "Eye-opening revelations like these highlight the security challenges IT departments face within their own organisations and should motivate them to ensure greater protection across their enterprise."
The study suggests that a bolder user base can impact an enterprise organisation's ability to contain costs, particularly associated with it's IT helpdesk. For example, in Germany, end users expressed a high degree of confidence in their IT departments, admitting that their presence made them feel more inclined to click on suspicious links, open suspicious emails, and, if needed, contact the helpdesk when problems occurred.
40% of German end users were inclined to contact IT regarding security issues - whether they were perceived or real. In fact, 38% of German enterprise end users had contacted their IT departments about security concerns within three months leading up to the survey. For enterprise organisations with hundreds or thousands of employees, the likelihood for 38 out of every 100 end users to engage helpdesks about security issues - in a concentrated amount of time - impacts IT's ability to manage its cost structures and protect investments.