Research by the cyber resiliency expert Mimecast has revealed that around 40% of IT decision makers say that C-level executives are the weakest link in their organisation’s cyber security operation.
The study, which was conducted in March, also reveals that 38% of IT decision makers believe the CEO undervalues the role of email security to protect the organisation and 40% admit they are unsure whether their CEO can protect themselves from a personal attack. With 90% of cyber attacks starting with email, it’s everyone’s responsibility to take email security more seriously.
Interestingly, employees perform far better when it comes to cyber hygiene in the workplace. With advancing attacks and growing conflict between IT and the C-suite, the findings highlight that it is increasingly important that cyber resilience starts from the top for it to be effective.
Other highlights include:
- 49% of respondents say their organisations’ management team is not knowledgeable enough about impersonation attacks
- Almost a third (31%) of IT decision makers report sensitive information was sent via email to the wrong address by a member of the C-suite compared to 22% from employees
- 40% of IT decision makers also noted that they have seen an increase in email-borne attacks over the past 12 months
- Over half (53%) of IT decision makers admit their business will suffer a negative impact from an email-borne attack in 2018
- The vast majority of organisations have experienced untargeted phishing attacks (94%), and targeted spear-phishing attacks (92%), with malicious links in the past 12 months
- The volume of spear-phishing attacks and those with malicious links increased by 56% and 51% respectively during this time
Steve Malone, Director Product Management at Mimecast commented: “These findings highlight how critical it is for the C-suite to be part of every organisation’s cyber education process.
“Part of the problem lies with the distance between IT on the ground and the C-suite but effective cyber resilience starts from the top. Businesses need to ensure there is security expertise on the board of directors and place IT cyber security and cyber resilience into risk mitigation functions. In addition, organisations must benchmark security controls and risk management programmes, recognising that upper management sets the tone of security culture.”