I'm always interested in the convergence of social issues, especially those relating to new technology and liability exposure. So a story that made the news today really hit all my hot buttons.
Cisco just came out with a report that finds 7 out of 10 young employees (another hot button!) frequently ignore IT policies regarding web security. Two-thirds said they believe their company's policies need to be modified, and about 61 percent said corporate IT security "isn't their responsibility," placing the onus was on the employer or device manufacturers.
Seventy percent is a big number. And when you drill down further, the results get even scarier from a risk management perspective. Of the majority who ignore IT policies:
- About one-third said they did it because they didn't believe they were doing anything wrong
- About 22 percent did it because they needed to access unauthorized programs and apps to do their jobs
- About 18 percent said they do not have time to think about policies when they're working
- About 19 percent said they did it simply because the policies aren't enforced
- About 16 percent said following policy is inconvenient
- About 15 percent said they forgot to follow policy
- About 14 percent said they did it because their supervisors aren't watching them.
So what exactly are these Millennials doing online that is verboten by IT? (Hint: It isn't porn sites.) Of the most commonly restricted devices and apps:
- 37 percent cited online gaming
- 15 percent said Apple Inc.'s iPod
- 10 percent said iPads and tablets
- 31 percent said social networking sites like Facebook, Twitter and YouTube.
The study involved 1,400 college students aged 18 to 23, and 1,400 young professionals under age 30 --precisely the tech-savvy, socially engaged demographic that insurance industry recruiters find so desirable.
Insurance is a notoriously risk-averse industry that is also sorely in need of an infusion of young talent. And this is the nexus that could generate problems one way or another, either in recruiting young people, maintaining system security, or both. And to be fair, the issue transcends our industry.
In defense of "the youngsters," as Ed Sullivan used to say, the numbers indicate that companies should rethink some of the more restrictive IT policies. Even the most Luddite and/or paranoid of insurance professionals now recognize the need to use the Web, social media and all the wonderful technology at our disposal -- not just to reach increasingly tech-demanding customers, but to interact with peers, work remotely on projects and accounts and stay connected with carriers.
You could argue that Facebook, Twitter and YouTube are a frivolous waste of time; but a quick look at any of these sites will uncover just as much business-related information as singing cats.
And as far as restricting the use of iPads and tablets--huh? At the last industry meeting I attended, more than half the participants were assiduously taking notes on their devices as I scribbled with pen and notepad. I might as well have been using a stone tablet, hammer and awl.
On the other side of the coin, security issues arising from web usage, no matter how innocuous, is a very real risk. According to a recent report by PwC, 45 percent of U.S. respondents from 158 companies, including insurers, reported their organization had suffered fraud in the last year, up 10 percent from 2009. Of those respondents, 40 percent were affected by cyber crime. Of course, this doesn't include the risk management threats and potential lawsuits that can arise from the misuse of technology -- just ask Anthony Weiner.
So how does a business balance the need for security against the need for young talent? How are you handling the issue in your own agency? I'd love to hear from you.