The biggest cyber security problem that large companies face may be their own employees - with a survey of 165,000 workers revealing that nine out of ten employees knowingly ignore or violate data policies. Despite being warned of the risks, employees routinely share passwords and indulge in other insecure practices.

The worst offenders are senior executives, according to the survey conducted by international member advisory firm CEB (Corporate Executive Board). CEB works with 94% of Fortune 100 companies.

The survey, conducted over several years, found that 93% of workers knowingly violate data security policies. Common violations of best security practice included sharing passwords between workers. One-third of workers admitted to writing passwords down in insecure locations such as on Post-It notes.

The research was reported in the Financial Times.

Jeremy Bergsman, senior research director at CEB said, “In order to get employees to do the right thing you need to make it as easy as possible to do. These people are not malicious. Most people are just trying to get their jobs done, that’s why they break policy.”

Of course, companies that take time to educate employees about their IT security policies may be able to achieve greater compliance. Last year, surveys conducted for ESET suggested that 68% of employees get no security training.