The poll, undertaken by Netconsent and The Federation Against Software Theft, highlights that 94% of members have ICT security policies in place at work, of which almost two thirds (60%) are updated at least once a year.
While this is encouraging news, it is nullified by the fact that more than three quarters (77%) of respondents do not have a process in place to ensure these policies are understood.
With just under half (44%) of respondents claiming that they lacked confidence in their colleagues understanding of ICT policies, organisations are increasing the risk of policy breaches. 40% of respondents admit that they have had to initiate disciplinary procedures as a result of a member of staff breaking ICT policies. The costs of such occurrences can escalate quickly; nearly three quarters (70%) of associated costs are spent on putting a case together and attending disciplinary hearings; diverting attention from other more strategic human resources (HR) functions.
Dominic Saunders, Netconsent’s Operations Director, says: “It is surprising that such a high proportion of respondents have concerns surrounding their colleagues’ understanding of policies yet still don’t have a process to educate and test policy recognition. Effective policy management is fundamental to managing risk and improving compliance.”
“Increasingly organisations are looking for practical ways of managing the policy management lifecycle to cut administration costs and protect themselves against litigation. Policy management tools like Netconsent are fast becoming an essential application for those serious about demonstrating best practice and exemplary corporate governance.”
“IT compliance is a legal requirement", states John Lovelock, Director General of The Federation Against Software Theft. "All Board Members must take their responsibilities seriously to ensure that organisations are complying with the law. Policies are an important communication tool not only to educate users and remind them of their rights, responsibilities and the consequences of their actions, but also to protect them."
Other Key Findings include:
Regular updates keep disciplinary hearings and tribunals down: Only 44% of respondents have an ICT policy that states how often that document should be reviewed and/or updated. Worryingly 10% of respondents would never update that document.
Annual check-ups: Although 60% of respondents update ICT policies on an annual basis, almost a third of respondents have dealt with a disciplinary case within the past year.