#Privacy: Research reveals C-Suite executives are weak link in mobile device security

New research by MobileIron identified that C-level executives often request to bypass mobile security protocols. 

The “Trouble at the Top” research, combined research from 300 enterprise IT decision makers across Benelux, France, Germany, the UK and the US, and discovered that 74% of IT decision makers claim C-level executives are the most likely group to ask for relaxed mobile security protocols despite being highly targeted by cyber attacks. 

Over two-thirds (68%) of C-level executives stated that IT security compromises their personal privacy, whilst 62% claimed that security limited the usability of their devices. Over half (58%) of C-level executives stated that IT security is too complex to understand. 

Worryingly, an overwhelming 76% of C-level executives admitted to requesting to bypass one or more of their organisation’s security protocols last year. Of which 47% requested network access to an unsupported device, 45% requested to bypass multi-factor authentication, and another 37% requested access to business data on an unsupported app. 

“These findings are concerning because all of these C-suite exemptions drastically increase the risk of a data breach,” said Brian Foster, SVP Product Management, MobileIron. “Accessing business data on a personal device or app takes data outside of the protected environment, leaving critical business information exposed for malicious users to take advantage of. Meanwhile, MFA – designed to protect businesses from the leading cause of data breaches, stolen credentials – is being side-stepped by C-Suite execs.” 

The study also highlighted how vulnerable C-level executives are to cyber attacks, with 71% of IT decision makers claiming that the C-suite are the most likely group to fall victim to such attacks. 

“These findings highlight a point of tension between business leaders and IT departments. IT views the C-suite as the weak link when it comes to cybersecurity, while execs often see themselves as above security protocols,” said Foster. “In today’s modern enterprise, cybersecurity can’t be an optional extra. Businesses need to ensure they have a dynamic security foundation in place that works for everyone within the organization. This means that mobile security must be easy to use, while also ensuring that employees at every level of the business can maintain maximum productivity without interference, and without feeling that their own personal privacy is being compromised.”


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.