Select Page
Research library

Simply blaming non-compliance is too convenient: What really causes information breaches?

Organizations typically respond to information breaches by implementing policies to regulate and control employee actions, particularly around the usage of information technology. However, there’s limited evidence indicating these policies effectively curb information loss or confidentiality breaches. This article delves into potential reasons for this ineffectiveness and reports on a survey conducted within a UK National Health Service health board. The argument presented suggests that a holistic view of the entire system, rather than a narrow focus on individual actors, is necessary for effective security management. The survey findings illustrate how organizational pressures and policy restrictions often corner staff, sometimes leading them to break rules in order to perform their jobs. An additional list of resources is included as a web extra.

You May Also Like