Antivirus company Bitdefender reported something important. Here is their blog post of July 17, 2003.
"Even though hacks and cyber criminality cost companies plenty of cash and sensitive data, the employee remains the weakest link in the business ecosystem, new Boardroom Cyber Watch Survey 2013 finds.
"Human error, though mostly unintentional, appears to be the main cause of security incidents that result in data loss. IT Governance reported that 54% of the interviewed “senior executives” think their own employees represent the biggest threat to cyber security, as opposed to 27 per cent who think that hackers pose the greatest risk. 12 per cent fear state sponsored attacks and 8 percent their corporate rivals.
"Companies are not ignorant of the risks: 77 per cent of bosses told us that their organization has a method for detecting and reporting attacks or incidents. However, in the boardroom, many companies still appear too removed from the action for directors to meet their governance obligations" Alan Calder of IT Governance says.
"Of all participants in the study, 25 percent of the institutions have experienced at least one security incident in the past 12 months. But only 30 per cent of the respondents believe that employers and board members understand the gravity of IT security threats.
Problematic is that some companies are not even aware that they were victims of a cyber-attack or data loss, while others deliberately choose not to make such incidents public for fear of reputation issues and possible bankruptcy.As a solution, Alan Calder said "the best way for organizations to prove their cyber security credentials is to comply with, and be certificated against, ISO 27001, the global best practice standard for information security management.
This lets you signal to customers anywhere in the world that you have a robust method for addressing the entire range of risks associated with systems, people and technology."
Here is the Bitdefender blog post: