European SMB Employees Surf for Two Hours a Day, Yet IT Managers Pass The Buck on Security

Websense commissioned research reveals IT managers rate employee behaviour as their number one job frustration, yet fail to put IT security measures in place

CHERTSEY, August 23rd, 2007 -Independent research commissioned by Websense, Inc. (NASDAQ:WBSN) has revealed that a quarter of IT managers within small and medium sized businesses (SMBs) throughout Europe believe that employees are ultimately responsible for IT security breaches.  The survey of a total of 750 IT managers and employees in SMBs across five European countries was carried out by Dynamic Markets. The SMB State of Security (SOS) survey revealed that European employees are spending an average of just under two hours a day on the Internet - with over half an hour browsing non work-related sites.  Yet, IT Managers believe that employees are spending an average of 48 minutes a day surfing non-work websites - equivalent to 4 hours a week.

Although employees acknowledge that they spend an average of two and a half hours a week freely surfing the Web for pleasure, less than half (47%) of European IT Managers surveyed use Web filtering software to protect their employees from hidden and invisible Web-based threats. Furthermore, almost a third (31%) of employees surveyed said they could not live without being able to access Websites at work known for being high security risks, such as peer-to-peer (25%) and free software download sites (17%). 

Twenty-three percent of SMBs have Internet use policies in place but do not require an employee to officially sign the policy.  A further 16% admitted to not having a usage policy at all, saying that trust in their employees was adequate in order to prevent abuse. Yet nearly a third of IT managers (32%) rated 'employee behaviour' as the leading cause of job frustration when it comes to implementing and maintaining IT security, with 'IT security not being high enough up the corporate agenda' as the second highest at 27% and 'budget constraints' coming in third place at 21%.

Nearly a fifth of IT managers (17%) believed that SMBs should have less protection in place than large organisations because they are exposed to lower levels of risk.  A further 7% believed that less protection was inevitable due to smaller budgets at SMBs compared to large companies. A significant majority, 71%, felt all companies should have equal levels of protection, irrespective of their size.  With user error being the most predominant cause of Web-based security breaches, lack of company-wide understanding around IT security has left SMBs wide open to Internet security threats.

The survey also reveals the majority of SMB employees are placing a false sense of security in their IT department, with two-thirds (66%) entrusting blind faith in their company to protect them from every Internet security threat.  For example, only 31% of employees who have used their personal credit card at work have questioned their IT department about whether their PC was protected against identity theft. 

"We urge all small to medium size businesses to make IT security a business-critical issue. Leaving their employees to make security decisions based on what they feel is right is not only putting company confidential data at risk, but also adding strain to the IT department," said Mark Murtagh, Technical Director, Websense.  "Internet use policies need to be automated to ensure that hidden dangers are found and protected against."

About the SMB State Of Security Research
The SMB State of Security (SOS) report is an independent market research report undertaken by Dynamic Markets on behalf of Websense,Inc.  This report details quantitative research based on responses from 375 IT Managers with responsibility for IT security and 375 employees in companies with 100-250 employees from the UK, Germany, France, Italy and the Netherlands.  Before and during the interviews, respondents were not aware that Websense had commissioned the research.

About Websense, Inc.
Websense, Inc. (NASDAQ: WBSN) protects more than 25 million employees from external and internal computer security threats.  Using a combination of preemptive ThreatSeeker™ malicious content identification and categorisation technology and information leak prevention technology, Websense helps make computing safe and productive.  Distributed through its global network of channel partners, Websense software helps organisations block malicious code, prevent the loss of confidential information and manage Internet and wireless access.  For more information, visit www.websense.com.

About Dynamic Markets Limited
Dynamic Markets is an independent market research consultancy that has been carrying out global research for blue chip companies like Microsoft, Oracle, Cisco, Vodafone, Egg, M&S and many others for over 8 years.  It operates to a strict code of conduct, as defined by the Market Research Society (MRS).