C-suite ‘most likely to expose organisations to cyber attacks’


The professionals responsible for running an organisation are actually the ones most likely to expose it to a major cyber attack, according to information security executives.

A new report by security firm Bitdefender, ‘Small Gains, Big Wins’, found that 41 per cent of chief information security officers (CISOs), chief science officers and chief information officers perceive their direct C-suite colleagues as “the most infosec averse” of any business demographic.

According to the firm, this “paints a concerning picture at the top of UK businesses given the current global security landscape”.

Reputational damage was a significant problem for those surveyed, with 42 per cent of infosec executives reporting that they are most concerned about a loss of customer or stakeholder trust. Meanwhile, more than 26 per cent are worried about the company being fined by a supervisory authority, such as the Information Commissioner’s Office.

A significant number of information security executives (75 per cent) also reported that the management team in their organisation, from the board level down to junior department heads, were the most likely to flout data security rules. Bitdefender found that this is in sharp contrast to the 25 per cent who thought day-to-day knowledge workers were likely the most infosec averse.

The report also revealed that those most likely to handle sensitive information were deemed at greater risk of a data breach. Two in every ten information security executives (23 per cent) cited finance as the most vulnerable department, followed by sales (17 per cent).

Liviu Arsene, global cybersecurity analyst at Bitdefender, said: “Our research found that nearly two-thirds of CISOs are losing sleep at night about information security threats, but their direct C-Suite colleagues are the biggest culprits when it comes to bending the rules.

“Infosec execs need to be far tougher at conveying the real-life repercussions of poor information security practices, from the board level downwards.”