There is a split opinion on whether cultural and language differences between Western customers and their outsourcing vendors have a negative impact on the results of their cooperation. It’s hard to argue that it often leads to miscommunication on projects and other management problems. However, the recent survey of IT managers and end users of 10 countries, which was published by Cisco Systems, Inc., shows that behavioral and cultural differneces impact the security of business activities as well.

The survey was conducted for Cisco by InsightExpress LLC, a Connecticut-based market research firm. About 2,000 people (almost half of them were decision-makers) were polled in the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil.

Unspoilt by mass mailing worms, DoS attacks and other technology security threats, employees and managers of offshore IT companies are much more relaxed about security issues than their Western collegues. More than half of IT managers surveyed in China and Brazil confirm that their staff members most likely allow outsiders to use corporate laptops and mobile devices without any supervision. Frank and communicative Brazilians can share important job-related information with families and friends without any hesitation. According to the survey, 39 percent of Brazilians, almost 20 percent of Indians and only 16 pecent of Americans act this way. Moreover, 7 and 8 percent of employees from Brazil and India, respectively, can share sensitive data in a conversation with absolute strangers.

Security discipline is understood by employees differently: 60 percent of personnel from Brazil and China while working remotely keep and transfer their files to their home computers. At the same time, end users from China regularly change security and firewall settings on their company-issued laptops compared to only several percent of Americans.

Nevertheless, it would be wrong to jump to the conclusion that outsourcing workers are slap-dash in security matters. In many respects, such an attitude to corporate security can be explained by local communication patterns and it can be improved. The main idea of the survey seems to remind IT and security managers that they should take the cultural aspect into consideration when developing their security risk-management plans and localize them properly.