New research has revealed over a third (36%) of IT leaders admit to having disabled security measures on their systems, and a staggering 70% have admitted to reusing systems passwords.
IT leaders have a lot of confidence in their organisation, as 80% say their employees wouldn't fall for a phishing attack. Having said this, 64% of leaders themselves have clicked on phishing traps.
Despite this, a study by Arctic Wolf says that they can be quick to punish others for mistakes, with 27% having witnessed the termination of an employee for falling victim to a scam.
Do as we say, not as we do
The report outlines not just a disconnect between IT leaders and their employees, but also, if you’ll excuse the dramatics, between leaders and reality. Many overestimate their organizations ability to spot phishing attacks, and are overconfident about their cybersecurity.
According to the report, despite their assuredness, 83% of leaders have observed employees clicking on phishing simulation links, and 61% of leaders have reported one or more cybersecurity breaches in the last 12 months.
“Cybersecurity isn't just about technology—it’s about people. As threat actors grow more sophisticated, security leaders must move beyond traditional security training methods and adopt a comprehensive human risk management strategy that will not only help them to better identify and mitigate threats, but more importantly foster a more proactive and security-conscious workforce.” said Adam Marre, chief information security officer, Arctic Wolf.
The threat landscape is evolving fast, and phishing attacks are becoming more sophisticated and more frequent, so overconfidence could leave companies vulnerable. Firms need robust cybersecurity now more than ever, and that requires an honest assessment of risks and vulnerabilities.
More from TechRadar Pro
- Check out our pick of the best endpoint protection software
- C-level executives are a weak point for cybersecurity
- Take a look at our best malware removal software choices