Seventy-five percent of CEOs admit to using applications or programs that aren't approved by their IT department, even though 91 percent acknowledge that such behavior could present a security risk to their organization, a recent Code42 survey of 801 IT decision makers (ITDMs) and 404 business decision makers (BDMs) found.
Fully 63 percent of CEOs say losing corporate data would destroy their business, and 50 percent say their ability to protect corporate and customer data is vital to their company's brand and reputation.
"Modern enterprises are fighting an internal battle between the need for productivity and the need for security -- both of which are being scrutizined all the way to the CEO," Code42 vice president and CSO Rick Orloff said in a statement. "By using unauthorized programs and applications, business leadership is challenging the very security strategies they demanded to be put in place."
Keeping Data Secure
Still, ITDMs said 50 percent of all corporate data in the enterprise is held on laptops and desktops, rather than in the data center of centralized servers.
And while the majority of ITDMs have laptop (86 percent) and server (95 percent) backup in place, 13 percent and 8 percent, respectively, have not tested their laptop or server backup programs.
Forty-eight percent of respondents said their company has been breached in the last year -- and 88 percent of enterprise ITDMs and 83 percent of BDMs believe their companies will have to improve their breach remediation within the next 12 months.
Enterprise security, Orloff said, should be built on three key pillars. "First, you have to be able to spot risk sooner," he said. "Gaining visibility over where your data is, how it moves and who accesses it could act as an early warning system to alert you to both inside and external threats."
"Second, the enterprise as a whole always needs to be able to bounce back quickly and efficiently," Orloff added. "Should a breach occur, your internal teams and the backup solutions you have in place need to be tested and ready to face the activity without it looking like a fire drill."
"Finally, if your business is to remain competitive, it needs to be able to recover quickly," he said. "Time is money, and in the modern enterprise, so is data."
$4 Million Breaches
A separate SailPoint survey of 600 senior IT decision makers found that 67 percent reported being breached in 2016, with an average material impact to the business of $4 million -- and 51 percent suffered two or more breaches in the last 12 months.
Three in five respondents expect to be breached in 2017, and 33 percent believe they won't even know they were breached when it happens.
Sixty percent of respondents are concerned about proper visibility into who has access to what across their corporate network, and 73 percent admitted that if their CEO's email was hacked, they wouldn't immediately know what their exposure points were.
SailPoint CMO Juliette Rizkallah said in a statement that the survey findings show that corporations are actively considering how to mitigate their risk and how to minimize their exposure when a breach occurs. "This is a positive change, as fostering open conversations and best practices will only benefit these organizations when they find themselves in the unfortunate position of being breached," she said.