Human Face Of Information Risk – Results Overview

The first a series of blogs highlighting the results of a recent Ascentor commissioned survey into the Human Face of Information Risk. This first blog gives you an overview of why and how employees would sabotage their company. There are some really interesting and perhaps surprising results but the overall message is clear; if you are serious about protecting company from information loss, engaging with the HR department and developing people based security polices is as important as putting technical controls in place to stop the cyber based hackers.

Have you ever considered who in your workforce would be most likely to want to try and damage your organisation? What would make your staff want to actively go out of their way to bite the hand that feeds them. Employees have a number of reasons that may make them want to take steps to act maliciously against their employer and the figures are quite alarming.

Well over half (57%) of the people polled said that there were circumstances in which they would deliberately sabotage or compromise their employer. In the current economic climate the 15%, representing 4.3m of the working population, citing redundancy as a reason to do so should ring alarm bells across the country. If you are thinking that this only applies to staff with access to IT, it’s worth remembering that Information is not only held on computers; paper still has a major part to play in most organisations and you can’t encrypt the information held in people’s heads.

Have you ever sabotaged or compromised the company you work for?

Yes: 7% (No: 93%)

Over 200,000 people

Have any of your colleagues ever deliberately sabotaged or compromised your company?

Yes: 11.9% (No: 50.8%, Don’t know: 37.3%)

Over 345,000 people

It’s no surprise to find that people are more readily willing to tell of the wrong doing of a third party than admit to it themselves. What this means for information security, is that the internal threat may be more serious than the headline 7% figure suggests.



If you were to deliberately sabotage or compromise your company, would you…


Data theft and information being leaked to rivals would usually be seen on a company’s information risk register. However, not many companies would automatically link this to staff dissatisfaction rates.

The 17% of people who said that they would delete or move valuable information said that they would change passwords, filing structures, etc. This could wreak havoc in any organisation.

An effective information risk management strategy includes listening to what’s being said about your company, which should capture and stem any malicious gossip.

Using divisive speech amongst colleagues is something that good internal information management should uncover. This would need careful management by your HR team and effective training of your people managers.

Better communication between those in management positions and the staff is an obvious area that could be looked at in reducing the statistics for your organisation. The decisions and subsequent strategy on how organisations address this problem should come from the Boardroom.

To find out more about the human factor of Information Security come along to Ascentor’s seminar. Simon Moore from the CBI and Gordon Morrison from Intellect, together with Ascentor’s MD, Dave James will be discussing the results and how to protect your company’s information. The Human Face of Information Risk – The Bristol Hotel – Thursday, 6th September 2012 .

You may also be interested in:

Work from home cyber security myths

Cyber security myths home workers fall for

Home workers are a growing gateway to your data and systems. If they believe any of these popular cyber security myths, your security is at serious risk.

Cyber security working from home

Managing good cyber security when working from home - what employers need to know

Home working carries increased security risks, but it doesn’t have to be open season for cyber criminals. These tips will help you put together a robust level of cyber security for your home based employees.

Cyber Essentials is changing - our overview

As the IASME Consortium takes over the management of the certification of Cyber Essentials (CE) Scheme, we look at what the changes will involve and why the scheme is still very much needed.