A cybersecurity survey conducted by British IT and telecom firm Daisy Group has revealed that almost two thirds of public sector employees would not report a serious data breach that they thought would cause problems in the workplace.

The research, which was based on a study involving 2,000 public sector staff, also discovered that many workers held a negligent attitude toward sufficient password protection. It found that respondents were willing to sidestep corporate security policies to ease their work life.

The survey showed that 64% of employees in the public sector would keep quiet about major security breaches, and that 5% had disabled password protection features on a laptop, mobile or other mobile devices.

20% confirmed that they do not regularly update their passwords, while a further 8% answered that they used ‘simple’ passwords that could be easily guessed.

Daisy Group’s product director of cloud services Graham Harris explained that the survey served to highlight the importance of staff awareness and involvement in effective IT security management.

“Procedures that are complicated or disrupt the working environment often result in employees finding ways to circumnavigate them or taking matters in their own hands,” he said.

“When it comes to data security, all too often organisations focus purely on IT processes and forget about the staff that will be using them. Human error is one of, if not the most likely source for data security issues, and fear of reprisal is a powerful force.

“Public sector organisations must be proactive and educate their staff about what data security processes and policies there are, why they exist, what the staff member’s responsibilities are and reassure them about what to do in the event of a problem,” Harris continued.

An additional finding showed that 16% of public sector workers said that they had “no idea” whether data protection was an important factor in their company’s security policies.

Daisy Group referred to the updated EU data protection laws requiring that businesses report data breaches to higher authorities within 24 hours, expected to be in place by the end of 2018.