Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Senior Managers Account for Greatest Information Security Risks: Survey

As organizations search for solutions to protect their networks, data centers, and computer systems, an unexpected threat may be lurking under the surface—senior management.

As organizations search for solutions to protect their networks, data centers, and computer systems, an unexpected threat may be lurking under the surface—senior management.

According to a national survey of 764 information workers, 87 percent of senior managers frequently or occasionally send corporate data to a personal email or cloud account to work remotely, putting that information at a higher risk of being breached.

The survey also found that 58 percent of senior management reported having accidentally sent the wrong person sensitive information, compared to just 25 percent of workers overall.

The survey, released by global investigations, intelligence, and risk services company Stroz Friedberg, found that just 35 percent of respondents said they received regular training and communications on mobile device security from their employers. Additionally, just thirty-seven percent of employees said they received training on social media use, and 42 percent said they received information sharing training.

Corporate managers also put their companies at risk of intellectual property loss if and when they depart the company, the survey found. Fifty-one percent of senior management and 37 percent of mid-level management admitted to taking job-related emails, files, or materials with them when they have left past employers. Only one-fifth of lower ranking employees said they have done so.

“Insiders are by far the biggest risk to the security of a company’s sensitive information, whether it’s a careless executive or a disgruntled employee. When information is compromised, a company’s reputation, customer base, and share price may suffer,” said Michael Patsalos-Fox, CEO of Stroz Friedberg. “Our inaugural information security survey demonstrates that companies need to address high-risk security behaviors within the workplace at all levels with a proactive risk mitigation plan.”

Interestingly, the survey found that overall senior leaders believe their own security efforts are inadequate, as almost half (45 percent) acknowledged that the C-suite and senior leadership themselves are responsible for protecting their companies against cyber-attacks. However, 52 percent of this same group indicated they are falling down on the job, rating corporate America’s ability to respond to cyber-threats at a “C” grade or lower.

The survey also found that rank-and-file workers differ in their opinions about cyber security accountability, with 54 percent of those respondents saying IT professionals are responsible for putting the right safeguards in place.

“The C-suite is responsible for making the right security investment decisions, but beyond that, leadership needs to create a culture in which all employees recognize their own responsibility for keeping information secure,” said Eric Friedberg, Executive Chairman of Stroz Friedberg. “Companies that are proactive in both measures are the most successful in combating and recovering quickly from a cyber attack.”

Risks of BYOD and Cloud Services

Enterprise Mobile Security

The trends of bring-your-own-device (BYOD) and the use of personal online accounts have become prevalent, as workers use their personal smartphones, tablets, and preferred cloud providers to stay productive while at work and out of the office.

Seventy-one percent of survey respondents admitted to frequently or occasionally sending materials to a personal email account or uploading materials to a personal cloud account. For those who admitted doing so, the reason cited most often 37 percent was that they preferred to use their personal computer over their work computer, while 14 percent said it was “too much effort” to bring their work laptop home with them.

“Because employees use their personal smartphones and other powerful technology increasingly in the workplace, it is crucial for companies to update their technology use policies and training programs,” said Ed Stroz, Executive Chairman of Stroz Friedberg, “Training, along with effective policies and ensuring compliance, are a company’s best lines of defense against insider information security threats. It’s an important part of a holistic security approach that recognizes the interdependency of technical and physical security.”

The 2013 Stroz Friedberg “On the Pulse: Information Security Risk in American Business” survey polled 764 information workers who use a computer for their job between October 28 to November 4, 2013. The survey was conducted by KRC Research, an independent research firm. Respondents worked for companies with more than 20 employees.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...