Whilst staff tend to stick to the rules imposed by the business, many in more senior roles ask for relaxed mobile security protocols
New research released today from Mountain View, CA-based security platform MobileIron has revealed that the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols, despite this group also being highly targeted by malicious cyber attacks.
Its "Trouble at the Top" study combined research from 300 enterprise IT decision-makers across Benelux, France, Germany, UK, and the US, as well as 50 C-level executives from the UK and the US.
The study showed that over two-thirds (68%) of C-level executives said IT security compromises their personal privacy, and over three in five (62%) said that security limits the usability of their device. Almost three in five (58%) claimed that IT security is too complex to understand.
Over three in four (76%) C-level executives admitted requesting to bypass one or more of their organization's security protocols last year.
Of these, 47% requested network access to an unsupported device, 45% requested to bypass multi-factor authentication (MFA), and 37% requested access to business data on an unsupported app.
One in six (16%) have requested to bypass one of the organization's security protocols over five times, and 14% have made the same request 4-5 times.
The study also revealed that C-level execs are highly vulnerable to cyber attacks. Almost four in five (78%) of IT decision-makers stated that the C-suite is the most likely to be targeted by phishing attacks, and 71% claimed the C-suite is the most likely to fall victim to such attacks.
Almost three in four (72%) IT decision-makers also claimed the C-suite is the most likely to forget or need help with resetting their passwords.
Brian Foster, SVP Product Management, MobileIron said:
"These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach.
Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of.
Meanwhile, MFA -- designed to protect businesses from the leading cause of data breaches, stolen credentials -- is being side-stepped by C-Suite execs."
The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74%) -- despite also being highly targeted by malicious cyber attacks.
These findings are concerning because all of these C-suite exemptions could drastically increase the risk of a data breach. By relaxing security protocols, the C-suite are opening themselves up to phishing attacks and potentially costing their businesses millions.
If IT views the C-suite as the weak link when it comes to cybersecurity, then executives need to make sure they adhere to IT policies. However, execs often see themselves as above security protocols creating tension between business leaders and IT departments.
Cybersecurity is necessary to prevent attacks, and cannot be seen as an optional extra by the people who make the decisions about the business.
Previous and related coverage
Over one in five Americans feel more worried for their safety after consuming true crime content.
Americans are being impacted by this fraud-filled crisis as bad actor activity escalates.
Although Americans worry about their devices being hacked, most are happy to share their passwords.
With so many large-scale data breaches at major companies, is it possible for brands to regain consumer confidence again?