40 Percent of IT Pros Say C-Suite Poses Greatest Risk to Information Security

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

According to the results of a recent Seclore survey of more than 100 IT professionals in healthcare, financial services and manufacturing, 40 percent of respondents said C-suite executives pose the most serious risk to information security.

The survey, conducted at Citrix Synergy 2016, also found that 29 percent of respondents admitted having put sensitive data at risk for the sake of productivity, and 40 percent said they had retained access to sensitive data after leaving a job.

Fully 69 percent of respondents admitted using file sharing software to share sensitive data with someone outside of their organization. Finance departments are seen as the most likely to share sensitive information across and outside the organization (23 percent), followed by sales (20 percent) and engineering (15 percent).

When asked what the top priorities are of the employees at their organization, 48 percent of respondents listed productivity, followed by convenience at 28 percent and security at 17 percent.

"As organizations continue to push their workforces to increase productivity and raise efficiency, it's not surprising that so many employees confess to taking short-cuts," Seclore CEO Vishal Gupta said in a statement.

A separate CompTIA survey of 500 security professionals recently found that while 90 percent of respondents said security is of greater importance today to their companies than it was two years ago, 47 percent said there's a belief within their company that existing security is "good enough."

For 43 percent of respondents, other technology needs take a higher priority than security. Forty percent cited a lack of security metrics, and 37 percent pointed to a lack of budget dedicated to security.

"It's incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken," Seth Robinson, senior director of technology analysis at CompTIA, said in a statement.

Among companies that admit to having security skills gaps, 53 percent want to be more informed about current threats, and about 40 percent feel a need to improve their awareness of the regulatory environment.

Two thirds of companies are engaged in security training for their employees, and 56 percent are seeking IT security certifications for their technology staff.

"The use of technology has outpaced cybersecurity literacy, so there’s also a growing need for the overall workforce to improve their knowledge and awareness of security issues," Robinson said.

A recent eSecurity Planet article examined the importance of security training.