Of all the cyber-security risks companies must face, the biggest might be right under their noses–senior management. That's the claim of global investigations and risk services company Stroz Friedberg after parsing the results of its latest survey.

As companies look for solutions to protect the integrity of their networks, data centers, and computer systems, “an unexpected threat” emerges from executives, the survey, released on Tuesday, says. It found that 87 percent of senior managers “frequently or occasionally” send work materials to a personal email or cloud account to work remotely, putting that information at a higher risk of being breached. It also found that 58 percent of senior management reported having accidentally sent the wrong person sensitive information, compared to just 25 percent of workers overall.

Corporate managers also put their companies at risk of intellectual property loss when they depart the company, the firm says. Fifty-one percent of senior management and 37 percent of mid-level management admitted to taking job-related emails, files, or materials with them when they have left past employers. Only one-fifth of lower ranking employees have done so.

"Insiders are by far the biggest risk to the security of a company's sensitive information, whether it's a careless executive or a disgruntled employee,” says Michael Patsalos-Fox, CEO of Stroz Friedberg.

The national survey found that many senior leaders believe their own security efforts are inadequate: nearly half acknowledged that the C-suite is responsible for protecting their companies against cyber-attacks, but 52 percent of this same group graded corporate America's ability to respond to cyber-threats at a "C" or lower.

As for employees, 73 percent of those who responded expressed concern that a hacker could gain access to their company's network and steal sensitive, personal records.

A lack of corporate communication and training is cited as a reason that both employees and company leadership engage in potentially risky practices, such as sending materials to a personal email account or cloud account. Only 35 percent of respondents reported receiving regular training and communications on mobile device security from their employers and only 37 percent of employees received training on social media use.

The "On the Pulse: Information Security Risk in American Business" survey polled 764 workers who use a computer for their job. It was conducted online from Oct. 28 to Nov. 4, 2013. All respondents worked for companies with more than 20 employees.

Topics