The poll, taken by NETconsent and The Federation Against Software Theft (FAST), highlights that 94 percent of members have IT security policies in place at work, of which almost two thirds (60 per cent) are updated at least once a year.
While this is encouraging news, it is undermined by the fact that more than three quarters (77 percent) of respondents do not check to ensure these policies are understood by staff.
"IT compliance is a legal requirement," said John Lovelock, director general of FAST.
"All board members must take their responsibilities seriously to ensure that organisations are complying with the law. Policies are an important communication tool not only to educate users and remind them of their rights, responsibilities and the consequences of their actions, but also to protect them."
Just under half (44 percent) of respondents claimed that they lacked confidence in their colleagues' understanding of IT policies and as a result, organisations are increasing the risk of policy breaches.
Around 40 percent admit that they have had to initiate disciplinary procedures as a result of a member of staff breaking ICT policies.
The costs of such occurrences can escalate quickly; nearly three quarters (70 percent) of associated costs are spent on putting a case together and attending disciplinary hearings, diverting attention from other more strategic human resources (HR) functions.
Dominic Saunders, operations director at Netconsent, said, "It is surprising that such a high proportion of respondents have concerns surrounding their colleagues' understanding of policies yet still don't have a process to educate and test policy recognition. Effective policy management is fundamental to managing risk and improving compliance.
Workers at risk from ignorance of IT policy
By Clement James on Jul 31, 2007 9:16AM