CIOs again see employees as biggest cyber security threat

For more than half of executives, the greatest threat to sensitive corporate data stems from the company’s own employees, rather than external forces.

The report from IT Governance, entitled the ‘Boardroom Cyber Watch’, examined over 250 responses from a wide variety of sectors globally, ranging from technology to healthcare and financial services.

53% of those polled said employees were the greatest risk to company data, ahead of criminals (27%) and competing organisations (8%).

One in four respondents say their organisation has been subject to a “concerted cyber-attack” during the past year, with another 20% admitting they weren’t sure.

If you’re thinking this is familiar ground, then you’d be right. Last month, a report from Check Point said that two in three companies saw their own employees as a greater security threat than cybercriminals.

The biggest flashpoint from the Check Point report was that 42% of firms had spent over $100,000 during the year as a result of a “mobile security incident”.

Proof indeed that carelessness comes at a huge cost. But how vigilant are companies in protecting themselves? Not hugely, according to the IT Governance study.

For over half (52%) of those surveyed, cyber security reports come “at best” once a year. But it’s not all bad news; 77% of respondents say they’ve got it covered when it comes to reporting and detecting cyber-security incidents.

So what’s the solution? Staff security awareness courses seem to be the order of the day, according to the report, both for education and compliance. “This not only teaches staff the rules, but also enables managers to automatically maintain records of which staff members have completed a course,” the report notes.

In terms of education, seven in 10 respondents agreed their security knowledge was “adequate”, whilst only one in three thought knowing current security threats should be a prerequisite for a boardroom post.

This leads to some interesting questions: is this because the big execs see this as IT’s domain, or the CTO’s? Misunderstandings on this sort of scale can lead to problems later down the line, especially regarding shadow IT, whereby software is used widely by employees without being approved by IT first.

What’s your view on the findings? Would you trust your employees more than cybercriminals?
