Study finds disconnect between executives and IT security leaders' optimism and employees' risky behavior
Boston, April 30, 2024–(BUSINESS WIRE)–SMB leaders are investing more time, attention, and budget into cybersecurity, but human factors such as a lack of awareness, training, and consistency I'm reporting it as a nuisance. Policy Compliance. These factors, coupled with gaps in policy and technology, pose significant security and business risks, according to a survey of more than 600 business and IT security managers conducted by LastPass and research firm InnovateMR. continues to produce.
Cyberattacks targeting small organizations have increased significantly in recent years. This is because cybercriminals consider these organizations to be relatively easy targets and potentially earn huge profits through ransomware, phishing, and supply chain attacks. To assess attitudes and behaviors around these trends, LastPass partnered with research firm InnovateMR to survey business and IT security leaders at companies with fewer than 3,000 employees about their password management and cybersecurity practices. I did it. Key findings from the survey include:
-
Both executives and IT leaders perceive the risk to be low. He is one of only 3 in 10 leaders who believes his company faces a very high risk (more than 8 in 10) of cybersecurity issues. Phishing attacks, cloud vulnerabilities, and data loss due to ransomware and malware are expected to be the biggest threats over the next 12 months.
-
Business owners and IT leaders are overly optimistic. Executives (92%) and IT leaders (93%) believe their employees “understand the security expectations” of their jobs, but non-IT leaders clearly are not confident that they understand (only 78%). IT leaders also tend to believe that policy compliance is higher than general business leaders outside of IT security.
-
Policies continue to be broken. Roughly 1 in 5 business leaders admit to circumventing security policies, and 1 in 10 IT security leaders agree. Younger workers (1 in 4) are more likely to violate policies, and Gen Z professionals are twice as likely as other generations to physically write down their passwords (36% vs. 16%).
-
Budgets are increasing. 90% of IT leaders and 80% of non-IT leaders say their organization's focus on cybersecurity has increased in the past year. Additionally, 82% said their cybersecurity budget has increased year-over-year.
-
Password management is key. 73% of IT security leaders say password management is very important to their cybersecurity strategy, and nearly half (47%) report a recent breach due to a compromised password. Also, 81% of leaders report using their manager's password at work (either provided by the company or a personal one of their own choosing).
“It's clear there's an Instagram-versus-reality disconnect when it comes to cybersecurity for small businesses,” said Alex Cox, director of threat intelligence at LastPass. “Awareness is growing, investments are being made, and leaders are confident, but behind the curtain, cultural and policy gaps still leave these organizations vulnerable to attack. We encourage both business and IT security leaders to increase their focus on accountability by: Increasing education and policy enforcement around password management and other proven practices.
The findings were published today in a report titled “SMB Cybersecurity Disconnect: Uncovering the Risks, Challenges and Human Factors to Close the Gap for Small and Midsize Businesses.” Other notable findings reflected in the report include differences in cybersecurity practices across functions and the top cybersecurity needs leaders report over the next five years. Click here for more information and to download a copy of the research report.
additional resources
research method
LastPass commissioned research firm InnovateMR to conduct a study in February and March 2024 examining attitudes and behaviors regarding password management and cybersecurity among small and medium-sized businesses. InnovateMR conducted an online survey of 633 business and IT security leaders at small and medium-sized businesses based in the United States. For the purposes of the study, small businesses were defined as those with 10 to 499 employees, and medium businesses were defined as those with 500 to 2,999 employees. InnovateMR is a leading sampling and survey technology company offering survey programs, international sampling, qualitative and quantitative insights, and customized consulting services.
About LastPass
LastPass is a leader in password and identity management solutions, helping 100,000 businesses and millions of consumers protect their credentials at work and home. Since 2008, LastPass has made logging in easier, more secure, and accessible from virtually any device. Today, LastPass is innovating for a password-free future by supporting next-generation security solutions that address human behavior, such as biometric logins. Learn more at www.lastpass.com and follow us on Facebook, YouTube and LinkedIn. X And Instagram. LastPass is trademarked in the United States and other countries.
View source version on businesswire.com. https://www.businesswire.com/news/home/20240430089039/en/
contact address
media
press@lastpass.com
