Case Studies

CEOs admit to taking IP

by Mark Rowe

Most business leaders don’t practice what they preach about data security. Most, 72 percent of CEOs admit they’ve taken valuable intellectual property (IP) from a former employer. And near all, 93 percent of CEOs say they keep a copy of their work on a personal device, outside the relative safety of company servers or cloud applications. Yet, 78 percent of CEOs agree that ideas, in the form of IP, are still the most precious asset in the enterprise.

The 2018 Data Exposure Report, includes feedback from nearly 1,700 security, IT and business leaders in the United States, UK and Germany. It was commissioned by Code42, a US information security firm with an office in Maidenhead; and carried out by UK-based Sapio Research.

Jadee Hanson, Code42’s chief information security officer, said: “It’s clear that even the best-intentioned data security policies are no match for human nature. Understanding how emotional forces drive risky behaviour is a step in the right direction, as is recognising ‘disconnects’ within the organisation that create data security vulnerabilities. In a threat landscape that is getting increasingly complex, prevention-only strategies are no longer enough.”

While companies spend to prevent data loss, the research suggests that data remains vulnerable to employee transgressions — and the C-suite is among the worst offenders. A good six in ten of CEOs (63 percent) admit to clicking on a link they shouldn’t have or didn’t intend to, putting their data at risk from malware. Near six in ten, 59 percent of CEOs admit to downloading software without knowing whether it is approved by corporate security. Most business leaders (77 percent) believe their IT department would view this behaviour as a security risk, but they do it anyway.

As for the CISO (chief information security officer), Code42 suggests that the risks boil down to a lack of data visibility:

With the rise of flexible working practices and the digitising of information, 73 percent of security and IT leaders believe that some company data only exists on endpoints. As many as 71 percent of security and IT leaders and 70 percent of business leaders reveal that losing all corporate data held on endpoint devices would be business-destroying or seriously disruptive. While 80 percent of CISOs agree that “you cannot protect what you cannot see,” business leaders think otherwise. The majority of business leaders (82 percent) believe IT can protect data they cannot see.

Among CISOs, 64 percent believe their company will have a breach in the next 12 months that will go public; 61 percent say their company has already experienced a breach in the last 18 months. The threat of cyberattack has led most, 73 percent of CISOs to stockpile cryptocurrency to pay cyber-criminals; of those, most, 79 percent, have paid a ransom.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing