Security: Workplace Autopilot Threatens Security Risk Perception

Workplace Autopilot Threatens Security Risk Perception
University of Leeds (02/08/08)
Human psychology and the way we perceive risk make it impossible for organizations to completely secure their data, no matter what preventative steps they take, concludes research conducted by Britain's Leeds University Business School. During the study, people who regularly used IT systems at work were asked to list examples of possible data security risks, either imaginative or ones they have seen in their personal experiences. Another group was asked to comment on the probability, underlying causes, likely consequences, and impacts of the scenarios that were most commonly listed. The study found that many of the risk examples listed by the participants matched recent security breaches, despite the fact that the survey data was collected over a two-year period. Professor Gerard Hodgkinson, director of the Center for Organizational Strategy, Learning, and Change, says the research shows that organizations will never be able to remove all of the latent risks in the protection and security of data stored on IT systems because people's brains naturally run on "automatic pilot" in routine situations. Dr. Robert Coles, the study's co-author, says the results of the study show that employees exhibit a highly-sophisticated perception and categorization of risk, as well as insight into the consequences of risk scenarios, when asked to focus on potential problems. But since this perception is not always translated into practice, errors are still happening and will continue to happen in the future, Coles says.
Click Here to View Full Article