Part of an executive team? You might be the biggest security risk to your business


New research has found that executive leaders are putting their businesses at risk with much looser security practices than their underlings.

The study from Ivanti found executives are the most likely to be targeted by threat actors, making the possibility of a successful phishing campaign or malware attack even higher.

The shocking discrepancy between the security protocols practiced by cybersecurity professionals and their executive leadership can have real consequences.

Do as I say, not as I do

The company's Executive Security Spotlight report, which examined the security habits of office workers, security professionals and leadership executives from across the globe, found that despite increasing support and investment in cybersecurity, 49% of executives have requested to bypass security protocols.

Moreover, executives are three times more likely to share their work devices with friends and family than office workers, and one in three admitted to accessing unauthorized data. But that's not all: 77% use birthdates, pet names, or other easy-to-remember information in their passwords.

Security professionals within businesses are struggling to combat the risks posed by executives due to a number of factors. Due to over-burdening and under-staffing, almost two thirds (60%) of CISOs said they had experienced burnout in the past 12 months. Combine this with executives frequently violating security protocols under the guise of ‘just-this-once-ism’ and it's understandable why security teams have difficulty improving executive behaviors.

It’s no wonder then, that executives are twice as likely to describe their interactions with their security team as ‘awkward’ and ‘embarrassing’ compared to other office workers. Executives are also four times more likely to use external, often unapproved, tech support rather than consult their own IT team.

The emergence of spear phishing attacks targeting executive level employees has potentially led to an increasing number of executives being targeted by these scams. Almost half (47%) of executives said they had been targeted by a phishing scam in the past 12 months, with 35% of those clicking on a phishing link or sending money to a scammer.

"There's a 100% chance your organization has been phished in the last year. It's the #1 way threat actors get that initial foothold in your network. We need to make sure that we account for that, and don't just assume people will 'know better' or that a phish will be overly obvious," noted Ivanti Chief Security Officer Daniel Spicer.

Benedict Collins
Staff Writer (Security)