Senior management often contribute most to information security risk: survey

By Canadian Underwriter | January 9, 2014 | Last updated on October 30, 2024

Senior management accounts for the greatest information security risks within organizations, according to a new survey out of the United States from risk services firm Stroz Friedberg.

According to its survey of 764 workers, 87% of senior managers send work materials to a personal email or cloud account to work remotely (either frequently or occasionally), the firm noted.

A significant percentage (58%) also reported having accidentally sent the wrong person sensitive information, according to the survey. That compares with just 25% of workers overall, the company noted.

Overall, 71% of survey respondents indicated sending themselves company information, often because they prefer working on their own home computers.

Management also creates more potential risk of intellectual property loss, with 51% of senior management and 37% of mid-level management admitting to having taken job-related emails, files or material with them when they left an employer, according to the survey.

Among lower ranking employees, one-fifth admitted to doing the same.

“Insiders are by far the biggest risk to the security of a company’s sensitive information, whether it’s a careless executive or a disgruntled employee. When information is compromised, a company’s reputation, customer base, and share price may suffer,” Michael Patsalos-Fox, CEO of Stroz Friedberg, noted in a statement on the survey findings.

“Our inaugural information security survey demonstrates that companies need to address high-risk security behaviors within the workplace at all levels with a proactive risk mitigation plan.”

Nearly half (45%) of senior management did, however, acknowledge that C-level executives and senior leadership are responsible for protecting their firms from cyber attacks, Stroz Friedberg’s survey results suggest.

Still, 52% in that group rated U.S. corporations’ ability to respond to cyber threats as a “C” grade or lower, according to the report. That compares with 54% of lower-level employees, who think IT professionals are responsible for protecting the company.

“The C-suite is responsible for making the right security investment decisions, but beyond that, leadership needs to create a culture in which all employees recognize their own responsibility for keeping information secure,” Eric Friedberg, executive chairman of Stroz Friedberg, noted.

“Companies that are proactive in both measures are the most successful in combating and recovering quickly from a cyber attack.”
