Global Study Explores Behavioral Risks Based on Country, Culture -- From Accessing Unauthorized Facilities and Networks to Intentionally Leaking Corporate Information

SAN JOSE, CA -- (Marketwire) -- 09/30/08 -- Cisco® (NASDAQ: CSCO) today announced findings from a new global security study that spotlights numerous risks taken by employees that can lead to one of the most prominent security concerns for businesses: the loss of corporate information. The study identifies common data leakage mistakes among workforces around the world and is based on surveys of more than 2,000 employees and information technology professionals in 10 countries. The findings show that behavioral risks of employees can vary by country and culture, creating opportunities for businesses to tailor risk management plans that prevent incidents locally while remaining global in scope.

Conducted by InsightExpress, a U.S.-based market research firm, the study was commissioned by Cisco to examine security and data leakage (www.cisco.com/go/dlp) implications for businesses at a time when employee lifestyles and work environments are changing dramatically. As the reliance on centralized offices shifts to distributed business models and remote workforces, lines are blurring between work life and personal life. This operational shift for businesses and the lifestyle overlap for employees are driven in large part by the proliferation of collaborative devices and applications that are used for both purposes, including mobile phones, laptops, Web 2.0 applications, video and other social media.

This evolving business environment serves as a backdrop for the study, which surveyed 1,000 employees and 1,000 IT professionals from various industries and company sizes in 10 countries: the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia, and Brazil. The countries were chosen because they represent a diverse set of social and business cultures, established and emerging network-dependent economies and varied levels of Internet adoption.

"We conducted this research in order to understand behavior, not technology per se," said John N. Stewart, chief security officer of Cisco. "Security is ultimately rooted in users behavior, so businesses of all sizes and employees in all professions need to understand how behavior affects the risk and reality of data loss -- and what that ultimately means for both the individual and enterprise. Understanding this can help strengthen relationships between IT and employees, tailor localized awareness and education programs, and better manage risk. Simply put, security practices can be more effective when all users realize what their actions result in."

Of the many behavioral findings, the 10 most noteworthy were:

1.   Altering security settings on computers: One of five employees altered
     security settings on work devices to bypass IT policy so they could
     access unauthorized Web sites. This was most common in emerging
     economies like China and India. When asked why, more than half (52
     percent) said they simply wanted to access the site; a third said,
     "it's no one's business" which sites they access.
2.