A majority targeted cyber-attacks are successful because of human error, according to the latest study by cybersecurity and compliance company Proofpoint.
The survey, which was conducted by The Economist Intelligence Unit on behalf of Proofpoint, determined ways to help organisations gauge the frequency and severity of people-centric data breaches, and the steps companies are taking to address them.
The study, entitled “Cyber Insecurity: Managing Threats From Within,” surveyed more than 300 corporate executives, including CIOs and CISOs, from North America, Europe, and Asia/Pacific. Respondents overwhelmingly identified people-centric threats as the cause for the most detrimental cybersecurity breaches, which include socially-engineered attacks and human errors, rather than failure of technology or process.
“More than 99 percent of targeted cyber-attacks depend on human interaction to be successful,” said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. “The Economist Intelligence Unit findings reinforce just how important it is for organisations to take a people-centric approach to their security strategy. Security teams need to know exactly who within their organisation is being targeted and why—and educate their people on best security practices. Cybersecurity has clearly evolved into a human challenge as much as a technical challenge.”
“Cyber-attacks are affecting businesses worldwide and Middle East organisations are no exemption. We are committed to continue to support our partners and customers by providing advanced intelligence along with cybersecurity awareness training for better protection against an ever-evolving threat landscape,” said Emile Abou Saleh, regional director, Middle East and Africa for Proofpoint.
The study further highlighted that the majority of executives surveyed (85 percent) agree that human vulnerabilities cause the most detrimental cybersecurity breaches rather than failure of technology or process.
It also revealed that 86 percent of executives surveyed have experienced at least one data breach in the past three years, with well over half (60 percent) having experienced at least four.
Furthermore, the report showed that nearly half (47 percent) say it’s very or extremely likely that they will face a major data breach in the next three years. Only 56 percent of healthcare executives are confident their organisation can prevent, detect or respond to a data breach.
According to the Proofpoint study, the top three ways a data breach disrupted their businesses include: loss of revenue (33 percent), especially at large companies (38 percent); loss of clients (30 percent); and termination of staff involved (30 percent).
A majority of security executives (91 percent) agree that their organisation needs to better understand which cybersecurity measures work best—their focus needs to shift from quantity to quality. Almost all respondents (96 percent) say the board and C-suite strongly support efforts to control cybersecurity risks and 93 percent say the board and C-suite are regularly updated on cybersecurity risks.
Finally, the survey revealed that 82 percent of those surveyed strongly agreed that data breach risk is an essential C-suite priority. They noted that addressing data breaches at the organisational level and alternating human behavior within the organisation are critical steps to mitigating data breaches.