CEOs Use of Smart Devices Increase Risk of Cyberattack

  • New research finds CEOs are disengaged from cybersecurity policies — 30% are unaware of the volume of attacks on their business and 54% don’t adhere to security teams’ ‘out of office’ security protocol
  • Smart technology puts sensitive information at risk, as CEOs become a major target for hackers and cybercriminals  

SAN JOSE, Calif. – RedSeal, the leader in network cyber risk modeling for hybrid environments, released the results of research that found the lack of CEO-specific security plans, their failure to comply with plans in place and the growing prevalence of unsecure smart devices mean CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks.

The RedSeal research*, which polled senior IT teams up to CIO level, unearthed a number of gaps in cybersecurity protocols and awareness in the C-Suite. Although the research demonstrated that many senior IT professionals have tried to implement CEO-specific cybersecurity plans, more than half (54%) believe their CEO exposes their organization to potential compromise by not following procedure. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

The proliferation of smart devices is a danger to business

With data showing one in five smart devices** have been breached or compromised, along with senior executives who don’t follow cybersecurity measures outside the office, there’s significant risk, or opportunity.

“C-suite executives are ideal targets. They have broad access to their organizations’ network resources yet frequently see themselves as exempt from the inconvenient rules applied to others,” said Dr. Mike Lloyd, CTO of RedSeal. “Combine this with the security lapses prevalent while traveling and in the home, and you have a great opportunity to exploit for commercial or national advantage.”

The risk of cyberattacks is high and business leaders know it. According to the recent Cyber Risk Index (CRI) survey by the Ponemon Institute, “80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year.” It also highlighted a critical gap between data risk and the protection measures businesses have in place noting, “…the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern.”

There is global confusion as to how many cyberattacks businesses have experienced in the last 12 months. For example, the UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas RedSeal’s research reports 81% of senior IT professionals in the UK admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organization.

The research also revealed that 42% of companies don’t have a cyber-response plan in place to inform customers of a security breach, and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. The concept of a perfect defense is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organizations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place from June 19 – 27, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code. To read a summary, please click here.

** Atomik Research conducted an online survey on behalf of RedSeal among 2,004 UK consumers aged 18+ between June 19 – 25, 2019. To read a summary, please click here.