C-Suite executives are the least likely to comply with organisational cybersecurity policy, according to a new study. The report from Bitdefender found that these executives are either pushing back on policies designed to protect them or completely disregarding the rules.
Little wonder then that the same survey found six in every ten businesses have experienced a breach in the last three years.
At least a third of infosec professionals (36 per cent) whose employers had not recently been a victim of a cyber-attack also believe that it is likely they’re currently facing an attack and have no knowledge of it, the authors wrote.
As Which-50 has reported in the past, “While it often seems that companies skate through major breaches of consumer trust with little more than a short-term blip to cash flow or market capitalisation, the evidence suggests that the negative impacts may be more long-lasting and serious. And not just to the executives who lose their jobs — ultimately it looks like shareholders are the ones going for the biggest row.”
That’s because dividends drop as companies have to reinvest significant resources into basic security hygiene. R&D spending also declines in companies with major breaches, we reported.
Bitdefender claims the results of its study point to an ongoing lack of respect among Australia’s C-suite, many of whom feel they have their security policies in check.
The survey also suggested that, by the end of July 2019, a quarter of infosec professionals had revealed that the company they work for had suffered a data breach. These findings, and more, are revealed today in Bitdefender’s global Hacked Off! Study.
It explores, in detail, the pressures faced by infosec professionals and how these impact the effectiveness of security measures, and analyses the best strategies to keep organisations safe.
The study takes into account the views and opinions of more than 6,000 infosec professionals across the UK, US, Australia, New Zealand, Germany, France, Italy and Spain. Respondents represent a broad cross-section of organisations, from SMEs through to publicly listed enterprises with a workforce of over 10,000, covering a diverse variety of industries that included the finance, government and energy sectors.
Against the backdrop of an increasingly complex and fast-moving threat landscape, infosec professionals are acutely aware of the risks their organisations face. Over two in five (43 per cent) report that they are kept awake at night worrying about their organisation’s cybersecurity. More than half (58 per cent) are also worried about the readiness of their organisation in dealing with a global cyberattack.
Furthermore, infosec professionals are suffering from breach fatigue. On average, over half (53 per cent) of endpoint detection and response alerts are false alarms, and 49 per cent of infosec professionals say their team experience both alert and agent fatigue. Their stress levels are high. This is compounded by the belief, held by 73 per cent of them, that their organisation is more at risk of a cyber-attack because they are under-resourced. This is higher (78 per cent) for companies employing more than 1,000 people.
“According to respondents, resources are such a stressor that 17 per cent of infosec professionals have contemplated leaving their job due to under-resourcing in terms of staff. Resources are in fact such a bugbear that infosec pros say the main obstacles to their organisations’ strengthening their cybersecurity posture are a lack of budget and a lack of skilled personnel,” said Liviu Arsene, Senior E-Threat Analyst at Bitdefender.