The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols (74%) – despite also being highly targeted by malicious cyberattacks, according to MobileIron.
The study combined research from 300 enterprise IT decision makers across Benelux, France, Germany, the U.K. and the U.S., as well as 50 C-level executives from both the U.K. and the U.S. The study revealed that C-level executives feel frustrated by mobile security protocols and often request to bypass them.
Make security exceptions for the C-suite
- 68% of C-level executives said IT security compromises their personal privacy, while 62% said security limits the usability of their device, and 58% claimed IT security is too complex to understand.
- 76% of C-level executives admitted to requesting to bypass one or more of their organization’s security protocols last year. Of these, 47% requested network access to an unsupported device, 45% requested to bypass multi-factor authentication (MFA) and 37% requested access to business data on an unsupported app.
“These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach,” said Brian Foster, SVP Product Management, MobileIron.
“Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of. Meanwhile, MFA – designed to protect businesses from the leading cause of data breaches, stolen credentials – is being side-stepped by C-Suite execs.”
C-level execs highly vulnerable to cyberattacks
The study also revealed that C-level execs are highly vulnerable to cyberattacks:
- 78% of IT decision makers stated that the C-suite is the most likely to be targeted by phishing attacks, and 71% claimed the C-suite is the most likely to fall victim to such attacks.
- 72% of IT decision makers claimed the C-suite is the most likely to forget or need help with resetting their passwords.
“These findings highlight a point of tension between business leaders and IT departments. IT views the C-suite as the weak link when it comes to cybersecurity, while execs often see themselves as above security protocols,” said Foster.
“In today’s modern enterprise, cybersecurity can’t be an optional extra. Businesses need to ensure they have a dynamic security foundation in place that works for everyone within the organization. This means that mobile security must be easy to use, while also ensuring that employees at every level of the business can maintain maximum productivity without interference, and without feeling that their own personal privacy is being compromised.”