Trend Micro, Inc. , a leader in antivirus and content security, announced results of a study that reveal why some end users in enterprise environments around the world are more likely to engage in riskier online behavior at work than home. The findings place added emphasis on the security challenge IT organizations face in protecting business networks, securing critical information, and reducing helpdesk calls.

The study, conducted in July 2005, featured more than 1,200 corporate end users in the United States, Germany, and Japan who responded to an online survey. Of the many findings, perhaps the most significant is the correlation between the presence of an IT department and end-user confidence in the security they expect against viruses, worms, spyware, spam, phishing, and pharming. These expectations often result in riskier online behavior that exacerbates IT’s challenge to protect business operations from increasingly unpredictable threats.

Of those who responded, 39 percent of enterprise end users believed that IT could prevent them from falling victim to threats like spyware and phishing. This belief prompted many of them to admit bolder online behavior. Of those who admitted to engaging in bolder online behavior, 63 percent acknowledge that they are more comfortable clicking on suspicious links or visiting suspicious Web sites because IT has installed security software on their computers. Forty percent of those who admitted to engaging in riskier online behavior said it was because IT was available to provide support if problems occurred. Because of the correlation between IT’s presence, end-user security expectations, and riskier end-user behavior, the study magnifies the importance for IT to ensure up-to-date security across the business network.

“Although end users have expectations of IT to educate and protect them, they may not always help in overcoming network security challenges. In fact, they could make it more difficult,” said Max Cheng, executive vice president and general manager of Trend Micro’s enterprise business segment. “Eye-opening revelations like these highlight the security challenges IT departments face within their own organizations and should motivate them to ensure greater protection across their enterprise.”

The study suggests that a bolder user base can impact an enterprise organization’s ability to contain costs, particularly associated with its IT helpdesk. For example, in Germany, end users expressed a high degree of confidence in their IT departments, admitting that their presence made them feel more inclined to click on suspicious links, open suspicious emails, and, if needed, contact the helpdesk when problems occurred.

Forty percent of German end users were inclined to contact IT regarding security issues — whether they were perceived or real. In fact, 38 percent of German enterprise end users had contacted their IT departments about security concerns within three months leading up to the survey. For enterprise organizations with hundreds or thousands of employees, the likelihood for 38 out of every 100 end users to engage helpdesks about security issues — in a concentrated amount of time — impacts IT’s ability to manage its cost structures and protect investments.

“More than just network availability or information integrity is at stake,” Cheng said. “Understanding end user behavioral tendencies and protecting the business can be the difference between ensuring business continuity and losing it.”

Noteworthy findings include:

  • In the United States, 48 percent of workers who admit they are more likely to open suspicious emails or Web links on their work computers than at home said it was because they had IT to support them if something bad happened. Germany (39%) and Japan (28%) featured similar results.
  • In Germany (76%) and the United States (65%), business end users who admitted to being more likely to open suspicious emails and links said it was because IT had installed security software on their computers. In Japan, 42 percent felt the same way.
  • 1 out of 3 (34%) U.S. business end users and at least 1 out of every 4 in Germany (29%) and Japan (28%) who admitted that they are more likely to open suspicious emails or click on suspicious links said it was because the computer equipment was not theirs.
  • At least 1 out of 4 end users in the United States (31%) and Japan (27%) contacted their IT helpdesks regarding security concerns within three months of responding to the survey. In Germany, 38 percent of enterprise end users had contacted IT within the same timeframe because of security concerns.

“Policy enforcement for security products and the ability to control access to the Internet from a central server are key success factors in ensuring corporate desktop security and protecting the bottom line,” Cheng said. “In looking at the big picture, this must all be part of a multilayered antivirus and content security solution that spans the entire network environment, from gateways and servers to desktops and mobile devices. Such an infrastructure enables the delivery of timely updates that protect every corner of your network — and therefore your business.”