One in five business leaders fear cybersecurity “inside job”

Business leaders worry about the threat from within, with 71% convinced their next big cybersecurity event will be caused by an employee, new survey claims

Mistakes made by staff leading to cybersecurity breaches are feared almost as much as genuine attacks by hackers, according to new research, which also revealed that more than one in five leaders worry an employee may carry out a malicious insider attack.

The survey by EisnerAmper's Outsourced IT Services practice,  found that 71% of respondents worry about accidental internal staff error as one of the top threats facing their companies, while concern about outside hackers was reported as a top threat by 75%. An additional 23% said they worry about malicious intent by an employee, say researchers.

It also found more than half (51%) saying they are only "somewhat prepared," 39% feel "very prepared," six per cent feel they are not at all prepared in their overall cyber defence strategies, and four per cent are unsure. When asked about internal cyber defence, 57% are "somewhat confident," 37% are "very confident," and six per cent are "not at all confident."

The survey points to the need for ever-increasing vigilance via employee training and awareness, along with continued investment in system upgrades and staff. Only half (50%) said they are conducting cybersecurity training regularly. A total of 44% held a training within the prior six months, 25% held a training more than seven months ago, and an alarming 31% said they had never held a single training event.

Hybrid work has exposed cybersecurity threats

Companies surveyed include financial services, real estate, manufacturing and distribution, and technology, with representation from other sectors such as health care, professional services and nonprofits. Most companies are in the annual revenue range of US$50 million to US$500 million and have 10-99 employees.

"A decade ago, business leaders likely equated cybersecurity breaches with external hackers, but the new normal of virtual and hybrid work has exposed a wide array of new cybersecurity threats, many coming from the inside," says Rahul Mahna, Partner and Head of Outsourced IT Services at EisnerAmper. "Businesses need to optimise their resources to ensure they are sparing no proactive measures. 

“An important first step is training staff and refreshing that education at regular intervals. Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly. It's far more efficient to spend up front on education, state-of-the-art software and hardware and, most of all, reliable IT staff who feel a stake in the company's success."

Seventy-one per cent (71%) said they will keep their IT budget the same even during a recessionary economy, 21% said they will decrease their IT budgets, and only 8% expect to increase budgets.

The largest share of respondents (32%) said their annual spend on cybersecurity as a percentage of overall technology outlays was just 1%-3%, while 30% said the budget line was 4%-6%. Just 23% said the spending level was 10% or higher.

"This plays right into the hands of malicious actors," says Mahna. "When times are tough, these criminals expect companies to cut back, essentially leaving doors unlocked. In good times or bad, cybersecurity spending should always remain a top priority that yields significant return in losses avoided."

Businesses are not pulling back on IT staffing in the face of a looming recession, with only five per cent of those surveyed saying they plan to reduce staff, while 24% plan increases. The largest share, 67%, said they will keep staffing the same, and 4% are unsure.

Share
Share

Featured Articles

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Darktrace reveals its top predictions for AI and cybersecurity developments in 2024, which include AI worms, hallucinations and cloud concerns

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security

QR ‘Quishing’ scams: Do you know the risks?

Application Security