C-Suite Most Culpable for Sloppy Cyber Security

Cyber security weaknesses exist at every organisational level, but where does the biggest weakness lie?

By CBR Staff Writer

Cyber security weaknesses are worst at the top. That’s according to new research by security specialists Bitdefender, which finds that a whopping 75 percent of infosec executives deem management – from the board level down to junior department heads – most likely to flout data security rules.

Some 41 percent of CISOs, CSOs and CIOs meanwhile believe their C-Suite colleagues are the most averse to information security (infosec) of anyone in their organisation.

The research, conducted by Censuswide on behalf of Bitdefender, surveyed 250 CIOs/CISOs/CSOs who have control over IT budgets and influence/make security decisions, in UK-based companies with 500+ employees.

The top management can be blamed for lack of security.

“Our research found that nearly two thirds of CISOs are losing sleep at night about information security threats, but their direct C-Suite colleagues are the biggest culprits when it comes to bending the rules. Infosec execs need to be far tougher at conveying the real life repercussions of poor information security practices, from the board level downwards,” said Liviu Arsene, Global Cybersecurity Analyst at Bitdefender.

Some, as a result, are conducting mock-phishing and social engineering attacks on employees to reinforce the consequences of infosec negligence.

Others are focussing on endpoint security, detection and response (75 percent), closely followed by anti-exploit/memory protection (74 percent).

Infosec tools such as these can serve as a vital layer of defence whilst infosec teams rush to patch software in the event of a global exploit being discovered. Just over half of infosec executives seem confident their organisation could patch corporate devices against a discovered vulnerability within 24 hours (51 percent), the survey found.

That still leaves nearly half of all organisations needing 25 hours and upwards to patch vulnerabilities. One specific, and recurring, example of a small change infosec executives have enacted has been to increase end-user awareness of the variety of different attack vectors which are currently being exploited by cyber criminals.

“Information security is an ever-evolving and changing process, with advancements in technology not only increasing the threat landscape, but also the protective tools available. A balanced approach to data security, encompassing not only best-in-class infosec solutions, but also surrounding yourself with the right security response team is key for effectively mitigating threats,” concludes Arsene.
