By now, it’s practically a mantra that the biggest problem with corporate IT security is the employees themselves. However, we usually assume that’s due to ignorant users or poorly enforced policies. Not so for a chunk of the US working population—according to a survey conducted by Harris Interactive, 12 percent admitted to knowingly violating IT policy in order to get work done.

The survey of 1,347 employed adults was conducted on behalf of Fiberlink, a company that hawks services that “help enterprises connect, control and secure laptops and mobile devices.” Needless to say, the survey results fit perfectly into the company’s agenda, but they are hardly surprising. After all, how many of us know someone who has left a work laptop in an unattended vehicle, sent unencrypted e-mails without permission, or reused the same three passwords over and over instead of choosing new ones every 90 days?

Fiberlink CEO Jim Sheward warned of the obvious. “IT departments nationwide spend a lot of time and money on their compliance, usage, and access policies, but they only work if people follow the rules,” he said in an e-mailed statement. [C]ompanies could face dangerous breaches that include the loss of sensitive data, competitive intelligence, or customers’ private information.”

Harris’ findings are supported by previous reports saying that leaky employees are a bigger threat than malware, that employees (not hackers) cause the most corporate data loss, and that employees’ online activities pose the greatest threat to IT security. With 12 percent of those people actively working outside of stated IT policy (and plenty more who do so out of ignorance), IT admins certainly have their work cut out for them if they want to maintain a tight ship.

Read the comments on this post