The threats include socially-engineered attacks and human errors, rather than failure of technology or process
People-centric threats are causing the most detrimental cybersecurity breaches, which include socially-engineered attacks and human errors, rather than failure of technology or process, according to Proofpoint-The Economist Intelligence Unit’s study, entitled Cyber Insecurity: Managing Threats From Within.
The study surveyed more than 300 corporate executives, including CIOs and CISOs, from North America, Europe, and Asia/Pacific.
“More than 99% of targeted cyberattacks depend on human interaction to be successful,” said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. “The Economist Intelligence Unit findings reinforce just how important it is for organizations to take a people-centric approach to their security strategy. Security teams need to know exactly who within their organization is being targeted and why—and educate their people on best security practices. Cybersecurity has clearly evolved into a human challenge as much as a technical challenge.”
The Economist Intelligence Unit findings highlight how more than 300 respondents are addressing today’s top threats, the major obstacles that impede implementing best practices, and how organizations are moving forward.
Key insights include:
- The majority of executives surveyed (85%) agree that human vulnerabilities cause the most detrimental cybersecurity breaches rather than failure of technology or process.
- 86% of executives surveyed have experienced at least one data breach in the past three years, with well over half (60%) having experienced at least four.
- Nearly half (47%) say it’s very or extremely likely that they will face a major data breach in the next three years. Only 56% of healthcare executives are confident their organization can prevent, detect or respond to a data breach.
- The top three ways a data breach disrupted their businesses include: Loss of revenue (33%), especially at large companies (38%); loss of clients (30%); and termination of staff involved (30%).
- 91% agree that their organization needs to better understand which cybersecurity measures work best—their focus needs to shift from quantity to quality. Almost all respondents (96%) say the board and C-suite strongly support efforts to control cybersecurity risks and 93% say the board and C-suite are regularly updated on cybersecurity risks.
- Addressing data breaches at the organizational level and alternating human behavior within the organization are critical steps to mitigating data breaches. 82% agree that data breach risk is an essential C-suite priority.