Half of Execs Request Security Bypass Over Past Year

Written by

Nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do.

Ivanti polled over 6500 executive leaders, cybersecurity professionals and office workers in organizations around the world to compile its 2023 Executive Security Spotlight report.

It found that although 96% of leaders say they are at least moderately supportive and invested in their organization’s cybersecurity, the reality is that many seek workarounds and executive exceptions which could drive-up cyber-risk.

Specifically, the report found that:

  • A fifth of executives have shared their work password with someone outside the company
  • Over three-quarters (77%) use easy-to-remember passwords, including birth dates or pet names
  • The C-suite is three times more likely than regular workers to share work devices with unauthorized users, like friends, families and external freelancers
  • A third of executives admit to accessing unauthorized work files and data, and nearly two-thirds say they could have edited those files/data when accessing them

Read more on threats to senior executives: C-Suite Under Attack as Money and Data Drive Breaches

Executives are also twice as likely as regular workers to say their latest interactions with IT security were “awkward” or “embarrassing,” and therefore four times more likely to resort to external, unapproved tech support, Ivanti found.

The vendor’s chief security officer, Daniel Spicer, warned that senior leaders may be underestimating how attractive a target they present to threat actors.

“As our work environments have become digital-first it’s impossible to eliminate all risk – but we should eliminate unnecessary risk,” he added.

“The continued challenge for security leaders is to obtain organizational buy-in and compliance on cyber mandates – particularly with their peers on the executive team – to close human-sized gaps and avoid a double standard being applied to the rest of the workforce.”

What’s hot on Infosecurity Magazine?