A new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.
“CTOs have identified a serious need for cybersecurity education across the enterprise,” LevelBlue says. “As many as 60% believe it is becoming more difficult for employees to discern genuine interactions from fake, which poses a significant threat to defenses. Little wonder that over the next 12 months the top four most likely types of attack all arise from workforce vulnerabilities. For example, 57% say ransomware attacks are imminent, and 50% say the same about business email compromise.”
The researchers also say that workforce security education should be aligned with business goals in order to ensure that the rest of the executive suite understands the benefits.
“The data also shows that better alignment of company leadership on the realities of cyber resilience will be essential to prepare for new and emerging cyber threats,” the report says. “Whereas 42% of CTOs say they are investing significantly in cyber-resilience processes across the business, just 33% of the total sample say the same. This gap indicates the ambitious nature of CTOs’ plans for a more unified organization. To achieve this alignment, CTOs should focus on calibrating cybersecurity risk management with business risk appetite (more than a third describe current measures as stalling or ineffective) and defining metrics and KPIs that connect cybersecurity with business outcomes (33% say current efforts are inadequate).”
