Only 13% of Security Professionals Say User Experience Is Mission-Critical

When employees encounter tech friction or feel frustrated with the tools they are asked to use, they will find a workaround. In fact, one in two office workers admit to using personal devices to log into work networks, with 32% of them revealing their employers are unaware of this practice, according to Securing the Digital Employee Experience, a report from Ivanti.

Yet, just 13% of security professionals say user experience (UX) for end users is a mission-critical priority when adopting cybersecurity tech interventions. By focusing on UX in security measures, organizations can minimize the likelihood of employees bypassing established protocols and resorting to unsafe workarounds.

"Although harmless in the moment, employees typically opt for convenience and put security on the back burner," said Mike Riemer, Field CISO, Ivanti. "Companies should take steps to understand their employees' workplace behaviors and adopt security measures that reduce the temptation for employees to sidestep protocols and use unsafe workarounds. Strong security shouldn't come at the cost of user experience, as it is integral to maintaining both security and productivity."

Key findings from the report include the following:

With the rise of Gen AI, poor security hygiene will increase

When employees have unfettered access to Gen AI tools and other advanced technologies, it can introduce challenges with data privacy, compliance, cyber risks, and copyrighted materials. Ivanti's research shows that 81% of office workers report they have not been trained on Gen AI and 15% are using unsanctioned tools.

Companies aren't providing secure tools for in-office, remote and hybrid work

Whether half of your employees work remotely or just a small fraction do, there is still a profound need to ensure that the company supports all the ways employees work. Only 62% use a VPN or a zero-trust access solution to restrict network access and protect sensitive information, and only 57% use multi-factor authentication.

Security leaders are often excluded from DEX investment decisions

Digital employee experience (DEX)-informed security minimizes the need for employees to change their typical behaviors at work. Yet, only 38% of companies consult the CISO for input on DEX strategy, investments, and planning, despite the significant contributions DEX tools can make to security.

Methodology: Ivanti surveyed over 20,000 IT professionals, executive leaders, office workers and security professionals around the world to understand what organizations are doing to enable positive digital employee experience (DEX) and any barriers organizations face to deliver frictionless experiences.

Hot Topics

The Latest

High-Business Impact Outages Cost Financial Services and Insurance Sectors $2.2 Million Per Hour

Artificial intelligence (AI) is core to observability practices, with some 41% of respondents reporting AI adoption as a core driver of observability, according to the State of Observability for Financial Services and Insurance report from New Relic ...

Conversational APM: How GenAI Is Transforming Observability

Application performance monitoring (APM) is a game of catching up — building dashboards, setting thresholds, tuning alerts, and manually correlating metrics to root causes. In the early days, this straightforward model worked as applications were simpler, stacks more predictable, and telemetry was manageable. Today, the landscape has shifted, and more assertive tools are needed ...

Cloud Backup as a Business Asset: Why Your Backup Strategy Needs to Evolve

Cloud adoption has accelerated, but backup strategies haven't always kept pace. Many organizations continue to rely on backup strategies that were either lifted directly from on-prem environments or use cloud-native tools in limited, DR-focused ways ... Eon uncovered a handful of critical gaps regarding how organizations approach cloud backup. To capture these prevailing winds, we gathered insights from 150+ IT and cloud leaders at the recent Google Cloud Next conference, which we've compiled into the 2025 State of Cloud Data Backup ...

Private Cloud Outlook 2025: A Definitive Cloud Reset

Private clouds are no longer playing catch-up, and public clouds are no longer the default as organizations recalibrate their cloud strategies, according to the Private Cloud Outlook 2025 report from Broadcom. More than half (53%) of survey respondents say private cloud is their top priority for deploying new workloads over the next three years, while 69% are considering workload repatriation from public to private cloud, with one-third having already done so ...

Two-Thirds of Organizations Significantly at Risk of Software Outage within Next Year

As organizations chase productivity gains from generative AI, teams are overwhelmingly focused on improving delivery speed (45%) over enhancing software quality (13%), according to the Quality Transformation Report from Tricentis ...

MongoDB's Market Woes Shed Light on Hard Truths About Vendor Lock-in

Back in March of this year ... MongoDB's stock price took a serious tumble ... In my opinion, it reflects a deeper structural issue in enterprise software economics altogether — vendor lock-in ...

MEAN TIME TO INSIGHT Podcast - Episode 15: DIY Network Automation

In MEAN TIME TO INSIGHT Episode 15, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses Do-It-Yourself Network Automation ... 

Checkmate VPN Intruders with Personal SASE Service

Zero-day vulnerabilities — security flaws that are exploited before developers even know they exist — pose one of the greatest risks to modern organizations. Recently, such vulnerabilities have been discovered in well-known VPN systems like Ivanti and Fortinet, highlighting just how outdated these legacy technologies have become in defending against fast-evolving cyber threats ... To protect digital assets and remote workers in today's environment, companies need more than patchwork solutions. They need architecture that is secure by design ...

Observability 2.0: The Convergence of AI, OpenTelemetry, and Unified Data

Traditional observability requires users to leap across different platforms or tools for metrics, logs, or traces and related issues manually, which is very time-consuming, so as to reasonably ascertain the root cause. Observability 2.0 fixes this by unifying all telemetry data, logs, metrics, and traces into a single, context-rich pipeline that flows into one smart platform. But this is far from just having a bunch of additional data; this data is actionable, predictive, and tied to revenue realization ...

Challenges of DIY Network Automation

64% of enterprise networking teams use internally developed software or scripts for network automation, but 61% of those teams spend six or more hours per week debugging and maintaining them, according to From Scripts to Platforms: Why Homegrown Tools Dominate Network Automation and How Vendors Can Help, my latest EMA report ...

Only 13% of Security Professionals Say User Experience Is Mission-Critical

When employees encounter tech friction or feel frustrated with the tools they are asked to use, they will find a workaround. In fact, one in two office workers admit to using personal devices to log into work networks, with 32% of them revealing their employers are unaware of this practice, according to Securing the Digital Employee Experience, a report from Ivanti.

Yet, just 13% of security professionals say user experience (UX) for end users is a mission-critical priority when adopting cybersecurity tech interventions. By focusing on UX in security measures, organizations can minimize the likelihood of employees bypassing established protocols and resorting to unsafe workarounds.

"Although harmless in the moment, employees typically opt for convenience and put security on the back burner," said Mike Riemer, Field CISO, Ivanti. "Companies should take steps to understand their employees' workplace behaviors and adopt security measures that reduce the temptation for employees to sidestep protocols and use unsafe workarounds. Strong security shouldn't come at the cost of user experience, as it is integral to maintaining both security and productivity."

Key findings from the report include the following:

With the rise of Gen AI, poor security hygiene will increase

When employees have unfettered access to Gen AI tools and other advanced technologies, it can introduce challenges with data privacy, compliance, cyber risks, and copyrighted materials. Ivanti's research shows that 81% of office workers report they have not been trained on Gen AI and 15% are using unsanctioned tools.

Companies aren't providing secure tools for in-office, remote and hybrid work

Whether half of your employees work remotely or just a small fraction do, there is still a profound need to ensure that the company supports all the ways employees work. Only 62% use a VPN or a zero-trust access solution to restrict network access and protect sensitive information, and only 57% use multi-factor authentication.

Security leaders are often excluded from DEX investment decisions

Digital employee experience (DEX)-informed security minimizes the need for employees to change their typical behaviors at work. Yet, only 38% of companies consult the CISO for input on DEX strategy, investments, and planning, despite the significant contributions DEX tools can make to security.

Methodology: Ivanti surveyed over 20,000 IT professionals, executive leaders, office workers and security professionals around the world to understand what organizations are doing to enable positive digital employee experience (DEX) and any barriers organizations face to deliver frictionless experiences.

Hot Topics

The Latest

High-Business Impact Outages Cost Financial Services and Insurance Sectors $2.2 Million Per Hour

Artificial intelligence (AI) is core to observability practices, with some 41% of respondents reporting AI adoption as a core driver of observability, according to the State of Observability for Financial Services and Insurance report from New Relic ...

Conversational APM: How GenAI Is Transforming Observability

Application performance monitoring (APM) is a game of catching up — building dashboards, setting thresholds, tuning alerts, and manually correlating metrics to root causes. In the early days, this straightforward model worked as applications were simpler, stacks more predictable, and telemetry was manageable. Today, the landscape has shifted, and more assertive tools are needed ...

Cloud Backup as a Business Asset: Why Your Backup Strategy Needs to Evolve

Cloud adoption has accelerated, but backup strategies haven't always kept pace. Many organizations continue to rely on backup strategies that were either lifted directly from on-prem environments or use cloud-native tools in limited, DR-focused ways ... Eon uncovered a handful of critical gaps regarding how organizations approach cloud backup. To capture these prevailing winds, we gathered insights from 150+ IT and cloud leaders at the recent Google Cloud Next conference, which we've compiled into the 2025 State of Cloud Data Backup ...

Private Cloud Outlook 2025: A Definitive Cloud Reset

Private clouds are no longer playing catch-up, and public clouds are no longer the default as organizations recalibrate their cloud strategies, according to the Private Cloud Outlook 2025 report from Broadcom. More than half (53%) of survey respondents say private cloud is their top priority for deploying new workloads over the next three years, while 69% are considering workload repatriation from public to private cloud, with one-third having already done so ...

Two-Thirds of Organizations Significantly at Risk of Software Outage within Next Year

As organizations chase productivity gains from generative AI, teams are overwhelmingly focused on improving delivery speed (45%) over enhancing software quality (13%), according to the Quality Transformation Report from Tricentis ...

MongoDB's Market Woes Shed Light on Hard Truths About Vendor Lock-in

Back in March of this year ... MongoDB's stock price took a serious tumble ... In my opinion, it reflects a deeper structural issue in enterprise software economics altogether — vendor lock-in ...

MEAN TIME TO INSIGHT Podcast - Episode 15: DIY Network Automation

In MEAN TIME TO INSIGHT Episode 15, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses Do-It-Yourself Network Automation ... 

Checkmate VPN Intruders with Personal SASE Service

Zero-day vulnerabilities — security flaws that are exploited before developers even know they exist — pose one of the greatest risks to modern organizations. Recently, such vulnerabilities have been discovered in well-known VPN systems like Ivanti and Fortinet, highlighting just how outdated these legacy technologies have become in defending against fast-evolving cyber threats ... To protect digital assets and remote workers in today's environment, companies need more than patchwork solutions. They need architecture that is secure by design ...

Observability 2.0: The Convergence of AI, OpenTelemetry, and Unified Data

Traditional observability requires users to leap across different platforms or tools for metrics, logs, or traces and related issues manually, which is very time-consuming, so as to reasonably ascertain the root cause. Observability 2.0 fixes this by unifying all telemetry data, logs, metrics, and traces into a single, context-rich pipeline that flows into one smart platform. But this is far from just having a bunch of additional data; this data is actionable, predictive, and tied to revenue realization ...

Challenges of DIY Network Automation

64% of enterprise networking teams use internally developed software or scripts for network automation, but 61% of those teams spend six or more hours per week debugging and maintaining them, according to From Scripts to Platforms: Why Homegrown Tools Dominate Network Automation and How Vendors Can Help, my latest EMA report ...