C-level executives are the weakest cyber security link

5th June 2018
Source: Mimecast
Posted By : Joe Bush
C-level executives are the weakest cyber security link

Research from by the cyber resiliency expert Mimecast has revealed that around 40% of IT decision makers say that the C-level executives are the weakest link in their organisations cyber security operation.

The study, which was conducted in March, also reveals that 38% of IT decision makers believe the CEO undervalues the role of email security to protect the organisation and 40% admit they are unsure whether their CEO can protect themselves from a personal attack. With 90% of cyber attacks starting with email, it’s everyone’s responsibility to take email security more seriously.

Interestingly, employees perform far better when it comes to cyber hygiene in the workplace. With advancing attacks and growing conflict between IT and C-suite, the findings highlight that it is increasingly important that cyber resilience starts from the top for it to be effective.

Other highlights include:

  • 49% of respondents say their organisations’ management team is not knowledgeable enough about impersonation attacks
  • Almost a third (31%) of IT decision makers report sensitive information was sent via email to the wrong address by a member of the C-suite compared to 22% from employees
  • 40% of IT decision makers also noted that they have seen an increase in email borne attacks over the past 12 months
  • Over half (53%) of IT decision makers admit their business will suffer a negative impact from an email-borne attack in 2018
  • The vast majority of organisations have experienced untargeted phishing attacks (94%), and targeted spear-phishing attacks (92%), with malicious links in the past 12 months
  • The volume of spear-phishing attacks and those with malicious links increased by 56% and 51% respectively during this time

Steve Malone, Director Product Management at Mimecast commented: “These findings highlight how critical it is for the C-suite to be part of every organisation’s cyber education process.

“Part of the problem lies with the distance between IT on the ground and the C-suite but effective cyber resilience starts from the top. Businesses need to ensure there is security expertise on the board of directors and place IT cyber security and cyber resilience into risk mitigation functions. In addition, organisations must benchmark security controls and risk management programmes, recognising that upper management sets the tone of security culture.”


You must be logged in to comment

Write a comment

No comments




Sign up to view our publications

Sign up

Sign up to view our downloads

Sign up

European Microwave Week 2019
29th September 2019
France Porte De Versailles Paris
Connected World Summit 2019
22nd October 2019
United Kingdom The Business Design Centre, London
IoT Solutions World Congress 2019
29th October 2019
Spain Barcelona