Security mistakes by employees, contractors and other insiders worry business leaders only slightly less than break-ins by hackers breaching public and private sector networks, a new study of more than 100 predominantly C-suite executives said.
What's Keeping Execs Up at Night
The research, conducted by EisnerAmper's Outsourced IT Services, found that seven in 10 business executives fret about security errors by insider staff, compared with three in four who are kept up at night worrying about outside hackers. Roughly one in four executives worry about intentional inside jobs. Most companies in the study generate between $50 million and $500 million and have 10-99 employees.
How can managed security service providers guard their clients' networks against inside jobs? Check out the numbers:
- When considering the anticipated hacks that could hit their business, 90% believe their organization is either somewhat prepared or very prepared while only 6% think they are not prepared at all and 4% don’t know. Similarly, when asked about internal defense, 94% are either somewhat confident or very confident of their cyber defense postures. Only 6% are not confident.
- 50% of businesses in the survey said they are conducting cybersecurity training on a regular basis. A total of 44% held a training within the prior six months, 25% held a training more than seven months ago, and 31% said they had never held a single training event.
- 71% said they will keep their IT budget the same even during a recessionary economy, 21% said they will decrease their IT budgets, and only 8% expect to increase budgets.
- 32% said their annual spend on cybersecurity as a percentage of overall technology outlays was just 1%-3%, while 30% said that budget line was 4%-6%. Just 23% said the spending level was 10% or higher.
- Businesses are not pulling back on IT staffing in the face of a slowing economy (and major layoffs), with only 5% of those surveyed saying they plan to reduce staff, while 24% plan increases. The largest share, 67%, said they will keep staffing the same, and 4% are unsure.
Exec Adds Perspective
Offering advice to all businesses concerned with cybersecurity, Rahul Mahna, EisnerAmper partner and head of outsourced IT services, said:
"Businesses need to optimize their resources to ensure they are sparing no proactive measures. An important first step is training staff and refreshing that education at regular intervals. Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly. It's far more efficient to spend up front on education, state of the art software and hardware and, most of all, reliable IT staff who feel a stake in the company's success."