Business executives are exhibiting worryingly poor security habits, according to new research from Ivanti.
A survey of more than 6,500 executives, security professionals, and office workers shows that leaders’ security practices are often worse than average employees, raising questions about broader organizational security trends.
Despite 96% of leaders saying they are at least moderately supportive of their organization’s cyber security protocols, their practices do not reflect this investment.
The research identified a number of cyber security behaviors among executives, the most frequently targeted employee group, that are particularly concerning.
Almost half (49%) of CXOs were reported to have requested to bypass one or more of their organization’s security procedures in the past year.
One-in-five leaders have shared their work password with someone outside the company, the study found, and 77% use insecure passwords that include birthdays or pet names.
Furthermore, around one-third of executives admitted to accessing unauthorized work files, and two-in-three said they had the ability to edit these files.
Ivanti CEO Daniel Spicer said the study shows many executives underestimate the ever-present dangers they face from threat actors.
“When executives are willing to trade security for usability, they may be underestimating just how lucrative of a target they are for threat actors”.
Ivanti’s study found business leaders often display far worse cyber hygiene than other employee groups. For example, one-third of leaders reported they had clicked on a phishing link, which is four times the rate of other office workers.
CXOs are also three times more likely to share work devices with family members and external freelancers compared to other office workers.
More than one-quarter (27%) of executive respondents said they allow friends and family use their work devices at least monthly.
Execs are embarrassed about password security failings
Executives told Ivanti they are aware of glaringly poor security habits, with leaders typically two times more likely to say past interactions with security teams were “awkward” or “embarrassing”.
Get tips on how to find a platform that empowers Managed Services Providers
The study also found this embarrassment is particularly dangerous as it means executives are four times more likely to resort to unauthorized, third-party tech support services.
“As our work environments have become digital-first it’s impossible to eliminate all risk – but we should eliminate unnecessary risk," Spicer said.
"The continued challenge for security leaders is to obtain organizational buy-in and compliance on cyber mandates – particularly with their peers on the executive team to close human-sized gaps and avoid a double standard being applied to the rest of the workforce” said Spicer.
