Forget ransomware and phishing attacks — CTOs rate human error as their number one security risk

Young Colleagues Working on Computers and Talking at a Workplace
(Image credit: Shutterstock)

New research shows that human error is still widely regarded as the main threat to business security, and that's straight from the horse's mouth.

Despite 90% of CTOs deploying multi-factor authentication, and 91% using identity access management technology for company security, over half (59%) said that human error is the biggest threat to their organization.

Humans were ranked above both ransomware attacks (48%) and phishing attacks (40%).

The research, conducted by STX Next, surveyed over 500 CTOs across the globe and found that while only a quarter (24%) believed that security was the biggest challenge facing their organization, human error was definitely a major concern.

More worryingly however, less than half (49%) of the companies involved in the study said that they had a cyber insurance policy in place, with less than six in ten (59%) implementing a ransomware protection solution within their organization.

The use of in-house security teams is worrying low, with just 36% of companies surveyed having a dedicated department for security services. Speaking on the findings, STX Next CISO, Krysztof Olejniczak said, “Despite deployment of comprehensive technology, poor implementation, substandard support processes or lack of governance can render these efforts useless.

“In recent years, the frequency and severity of cyberattacks across all industries has risen extraordinarily, and employees are often carrying the burden of being an organisation’s first line of defence,” he continued.

“While the threat of ransomware remains high, in many cases, cybercriminals aren’t in fact relying on incredibly advanced and sophisticated methods of attack, but on human error and social engineering techniques to gain access to an organisation’s systems.”

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.