Studies Show C-Suite Executives Are a Cyber Risk - A Business Blog Article from KLR

Business Blog

Studies Show C-Suite Executives Are a Cyber Risk

posted May 21, 2018 by Daniel M. Andrea, CPA, CITP, CISA in the Business Blog

  • LinkedIn
  • Google+

A recent poll shows that those in charge of running businesses are the most likely to expose their company to a major cyber-attack. Surprised? It may also come as a shock that more than two-fifths of Chief Information Security Officers (CISOs), Chief Security Officers (CSOs) and Chief Information Officers (CIOs) see their fellow C-Suite colleagues as the most averse group. Why? Read on.

Let’s take a look at the numbers

Bitdefender recently conducted a survey of 250 information security executives. Here’s what they gathered:

  • 75% of survey respondents said that managers are most likely to ignore data security rules
  • Only 25% consider day-to-day knowledge workers the most InfoSec-averse.
  • 2 in every 10 respondents cited finance as the most vulnerable department, followed by sales (17%)
  • 42% of respondents said that their main concern was losing customer and stakeholder trust
  • 26% worry about the company being fined by a supervisory authority

How can businesses overcome these potential challenges?

InfoSec executives are taking a close look at how they can mediate these risks. For starters, cyber security MUST be a C-Suite priority. In addition….

  • 75% of executives say endpoint security, detection and response are critical tools to have in place
  • 74% say anti-exploit/ memory protection tools serve a vital layer of defense, too.
  • Every member of an organization should have what’s called a “Zero trust” security posture, in which they do not automatically trust anything sent from inside the company or from the outside, and instead must verify everything trying to connect to systems before granting access.
  • Organizations have found they need to be “tougher” at conveying the repercussions of poor information security practices
  • Organizations should increase user awareness to the variety of different attack vectors
  • Businesses should mock phishing and social engineering attacks on employees to reinforce the consequences of information security negligence.

Interested in learning more about how you can protect your organization? Contact our Information Security Services Team for assistance.