Cisco says South African organisations place too much focus on external IT security policies and resources like cybercriminals and hackers, and not enough on the threat from within the business.

A report from the multinational networking company has noted that employee behaviour is a genuine weak link in cyber security and is becoming an increasing source of risk - more through complacency and ignorance than malice.

An increasing number of employees feel that security policies are inhibiting innovation and collaboration making it harder for them to do their jobs effectively, the report claims.

Kian Ellens, business development manager, Cisco South Africa said, "This study confirms the complex challenges facing businesses when it comes to IT security. The results show most employees recognise that the threat from cyber criminals is real and worthy of continuous defence, but it also reveals that employee complacency about IT security is increasing the risks for South African businesses.

"An employee who blindly trusts is one amongst several 'weak links' in the security chain. These expose an organisation to greater risks by providing enterprising hackers with multiple doorways that can be unlocked and potentially lead to sensitive data," Ellens said.

According to Cisco's research there is an urgent need to evolve security policies so that they continue to provide the best possible defence against attack from outside the organisation while simultaneously adapting to different types of employee behaviour.