Centrify revealed the results of a new research study with Dow Jones Customer Intelligence, “CEO Disconnect is Weakening Cybersecurity,” which finds that a misalignment between CEOs and Technical Officers is weakening enterprise cybersecurity postures.
The report highlights that CEOs are incorrectly focused on malware, creating misalignment within the C-suite, which results in undue risk exposure and prevents organizations from effectively stopping breaches. Technical Officers (CIOs, CTOs and CISOs) on the front lines of cybersecurity point to identity breaches, including privileged user identity attacks and default, stolen or weak passwords, as the biggest threat, not malware. As a result, cybersecurity strategies, project priorities, and budget allocations don’t always match up with the primary threats or prepare companies to stop most breaches.
The study, a survey of 800 enterprise executives including CEOs, Technical Officers, and CFOs, highlights that: 62% of CEOs cite malware as the primary threat to cybersecurity, compared with only 35% of Technical Officers; only 8% of all executives stated that anti-malware endpoint security would have prevented the “significant breaches with serious consequences” that they experienced; and 68% of executives whose companies experienced significant breaches indicate it would most likely have been prevented by either privileged user identity and access management or user identity assurance.
“While the vast majority of CEOs view themselves as the primary owners of their cybersecurity strategies, this report makes a strong argument that companies need to listen more closely to their Technical Officers,” said Tom Kemp, CEO of Centrify. “It’s clear that the status quo isn’t working. Business leaders need to rethink security with a Zero Trust Security approach that verifies every user, validates their devices, and limits access and privilege.”
“The traditional security model of using well-defined perimeters between ‘trusted’ corporate insiders and ‘untrusted outsiders’ to protect assets has evolved with the advent of cloud, mobile and IoT. Yet most enterprises continue to prioritize spending on traditional security tools and approaches,” said Garrett Bekker, Principal Security Analyst at 451 Research. “Centrify’s research reveals that a primary reason for conflicting cybersecurity strategies and spending is that C-level executives and technical managers don’t always see eye-to-eye regarding security priorities, and a misaligned C-Suite can put the organization at risk. Modern organizations need to rethink their approach and adopt a framework that relies on verifying identity rather than location as the primary means of controlling access to applications, endpoints and infrastructure.”