Yes, the cyber threat from criminals and nation states is very real, but when push comes to shove, over 50 percent of businesses consider their own employees the greatest security threat, according to a new survey.
Fifty-four percent of respondents believe insiders are the biggest threat, compared to 27 percent who fear criminals the most, 12 percent state-sponsored cyber attacks and 8 percent competitors, according to the survey conducted by IT Governance.
On top of that, 25 percent of respondents said their business had received a “concerted cyber-attack” in the past 12 months.
That number could actually be higher, as 21 percent of respondents said they do not know whether or not they suffered such an attack, said officials at IT Governance, a UK-based security provider.
The UK government, among many others, has made a concerted effort to make IT security a board-level issue. IT Governance’s survey suggests there is some board level recognition of IT security, but that there is room for improvement.
The majority of respondents (58 percent) said their organization gives the board of directors “regular” report on the state of its IT security. That is an encouraging figure, but for 35 percent of those companies that provide reports, they are filed “less than annually.”
Only 30 percent of respondents said an understanding of IT security is a pre-requisite for a position on the board.
Other findings from IT Governance’s survey include the fact 50 percent of respondents said customers had inquired about their IT security measures in the past 12 months, and 26 percent have lost sleep because of worries about IT security.
IT Governance surveyed 260 respondents, mostly business and IT executives from businesses in the UK and U.S.
Click here to download the survey.