Strange days indeed: Canadian IT managers feel that getting a divorce or losing their job is less stressful than looking after company data.  A new report from Websense reveals substantial surprises on perceived security practices, including overconfidence in dealing with today’s threats.

Websense commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the U.S., UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).

IT managers and non-IT employees in Canada were recently surveyed on confidence, confidential data, and today’s cyber cons.  What Websense found was a surprising degree of overconfidence.

Sample research queries were: How are IT managers coping with today’s fast-changing threat landscape? Are they properly protected against the latest data-stealing malware? And would employees report if they compromised corporate data?

The Canadian research reveals that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance. IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line and that the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident.

Yes, Canadian IT managers actually feel that getting a divorce or getting married was less stressful than protecting the company’s confidential data. In addition, 11% said that losing their job was a less stressful event and 20% would rather start a new job.

Key Canadian Findings:

Stress of Security

·         Data breaches put IT jobs on the line. More than 80% said that their job would be at risk if a security incident were to occur, including if a CEO or other executive’s confidential data is breached (38%); data needed for compliance is lost (32%); and if confidential information is posted on a social networking site (34%).

·         Confidential data breaches. Shockingly, a full 30% report that the CEO’s or other executives’ confidential data had been breached. 22% report losing data needed for compliance. 23% state that confidential information has been posted on a social networking site and 40% say that data has been lost by employees.

·         Hidden data loss. A suspiciously large gap in the experience of IT managers and confessions from employees indicate extensive under-reporting on security breaches. Just two employees for every 100 admit to posting confidential information on a social networking site, but 23% of IT managers say that it has indeed occurred in their organization. One employee in 100 reveals they have introduced malware onto the network – but 32% of IT managers have already seen it happen. And it gets worse: if employees did accidentally compromise company data, 30% of them would not tell their boss.

Sample findings:

·         81% of Canadian IT security managers feel confident that their IT security protects their company against modern malware.  This is an incredibly bold statement to make when in the last 12 months we have witnessed more data breaches than ever.

·         61% worry about advanced persistent threats and 21% said they have been a victim of this type of attack

·         Yet only 49% protect themselves against company-confidential data being uploaded to the web

False sense of security leads to data leaks:

·         30% reported the CEO’s or other executives’ confidential data had been breached: a spine-chilling, headline-grabbing statistic for any company

·         40% report data had been lost by employees

·         35% stated company data was taken home on an unprotected mobile device

·         22% reported data affected by regulatory compliance was compromised

·         23% have seen confidential information posted on a social networking site