Part of an executive team? You might be the biggest security risk to your business


New research has found that executive leaders are putting their businesses at risk with much looser security practices than their underlings.

The study from Ivanti found executives are the most likely to be targeted by threat actors, making the possibility of a successful phishing campaign or malware attack even higher.

Do as I say, not as I do

The company's Executive Security Spotlight report, which examined the security habits of office workers, security professionals and leadership executives from across the globe, found that despite increasing support and investment in cybersecurity, 49% of executives have requested to bypass security protocols.

Moreover, executives are three times more likely to share their work devices with friends and family than office workers, and one in three admitted to accessing unauthorized data. But that's not all: 77% use birthdates, pet names, or other easy-to-remember information in their passwords.

Security professionals within businesses are struggling to combat the risks posed by executives due to a number of factors. Due to over-burdening and under-staffing, almost two thirds (60%) of CISOs said they had experienced burnout in the past 12 months. Combine this with executives frequently violating security protocols under the guise of ‘just-this-once-ism’ and it's understandable why security teams have difficulty improving executive behaviors.

It’s no wonder then, that executives are twice as likely to describe their interactions with their security team as ‘awkward’ and ‘embarrassing’ compared to other office workers. Executives are also four times more likely to use external, often unapproved, tech support rather than consult their own IT team.

The emergence of spear phishing attacks targeting executive-level employees has potentially led to an increasing number of executives being targeted by these scams. Almost half (47%) of executives said they had been targeted by a phishing scam in the past 12 months, with 35% of those clicking on a phishing link or sending money to a scammer.

"There's a 100% chance your organization has been phished in the last year. It's the #1 way threat actors get that initial foothold in your network. We need to make sure that we account for that, and don't just assume people will 'know better' or that a phish will be overly obvious," noted Ivanti Chief Security Officer Daniel Spicer.


Benedict Collins
Senior Writer, Security
