Despite understanding the risks, a majority of CEOs and business decision makers do not adhere to enterprise security practices, according to a new survey from Code42.


CEOs and business decision makers (BDMs) say they understand the massive cybersecurity risks facing organizations today. However, that does not stop 75% of CEOs and 52% of BDMs from using applications and programs that are not approved by their IT department, according to a new report from Code42. About half of these professionals said they have experienced a security breach within the last 18 months.

The report, which surveyed more than 800 IT decision makers and 400 BDMs, found that 91% of CEOs and 83% of BDMs acknowledged that their behaviors could be considered a security risk to their organization. So why do it? The vast majority said they use such unauthorized programs to enhance productivity.

“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinized all the way to the CEO,” said Rick Orloff, VP and CSO at Code42, in a press release. “By using unauthorized programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy.”

Half of all corporate data is stored on laptops and desktops, as opposed to the data center or servers, the survey found. And 63% of CEOs said that losing this data would destroy their business. However, once again, awareness of the risk does not change the fact that these leaders are not following security protocol.

SEE: Guidelines for building security policies (Tech Pro Research)

Some 50% of IT decision makers overall said their ability to protect corporate and customer data was vital to their company’s brand and reputation. And while the majority of these professionals did have a laptop and server backup system in place to protect against ransomware attacks, very few (13% and 8%, respectively) have actually tested these backup systems.

Effective security strategies are built on the following three pillars, Orloff said in the release:

  1. Spot risk as soon as possible.“Gaining visibility over where your data is, how it moves and who accesses it could act as an early warning system to alert you to both inside and external threats,” Orloff said.
  2. Bounce back from a breach quickly and efficiently.“Should a breach occur, your internal teams and the backup solutions you have in place need to be tested and ready to face the activity without it looking like a fire drill,” Orloff said.
  3. Recover swiftly.“If your business is to remain competitive, it needs to be able to recover quickly,” Orloff said. “Time is money, and in the modern enterprise, so is data.”