Global study explores behavioral risks based on country, culture - from accessing unauthorized facilities and networks to intentionally leaking corporate information

SAN JOSE, Calif. - September 30, 2008 - Cisco® today announced findings from a new global security study that spotlights numerous risks taken by employees that can lead to one of the most prominent security concerns for businesses: the loss of corporate information. The study identifies common data leakage mistakes among workforces around the world and is based on surveys of more than 2,000 employees and information technology professionals in 10 countries. The findings show that behavioral risks of employees can vary by country and culture, creating opportunities for businesses to tailor risk management plans that prevent incidents locally while remaining global in scope.

Conducted by InsightExpress, a U.S.-based market research firm, the study was commissioned by Cisco to examine security and data leakage (www.cisco.com/go/dlp) implications for businesses at a time when employee lifestyles and work environments are changing dramatically. As the reliance on centralized offices shifts to distributed business models and remote workforces, lines are blurring between work life and personal life. This operational shift for businesses and the lifestyle overlap for employees are driven in large part by the proliferation of collaborative devices and applications that are used for both purposes, including mobile phones, laptops, Web 2.0 applications, video and other social media.

This evolving business environment serves as a backdrop for the study, which surveyed 1,000 employees and 1,000 IT professionals from various industries and company sizes in 10 countries: the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia, and Brazil. The countries were chosen because they represent a diverse set of social and business cultures, established and emerging network-dependent economies and varied levels of Internet adoption.

"We conducted this research in order to understand behavior, not technology per se," said John N. Stewart, chief security officer of Cisco. "Security is ultimately rooted in users behavior, so businesses of all sizes and employees in all professions need to understand how behavior affects the risk and reality of data loss - and what that ultimately means for both the individual and enterprise. Understanding this can help strengthen relationships between IT and employees, tailor localized awareness and education programs, and better manage risk. Simply put, security practices can be more effective when all users realize what their actions result in."

Of the many behavioral findings, the 10 most noteworthy were:

"Businesses are enabling employees to become increasingly collaborative and mobile," Stewart said. "Without modern-day security technologies, policies, awareness and education, information is more vulnerable. Today, data is in transit, in use, within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafes, on airplanes and trains. This trend is here to stay. To protect your data effectively, we need to start understanding the risk characteristics of business and then base technology, policy, and awareness and education plans on those factors."

Stewart said these behavioral findings can help companies structure employee education programs at a regional level and sculpt global risk management plans. He lists recommended practices for preventing data loss, including:

"Data protection requires teamwork across the company. It's not just an IT job anymore," he said. Today, the study will be presented in more detail by Stewart and other Cisco executives during a live Internet TV broadcast with media and analysts from 8 a.m. to 9 a.m. PDT.

About Cisco

Cisco, (NASDAQ: CSCO), is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.

# # #

Cisco, the Cisco logo and Cisco Systems are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.