Centrify study finds CEO disconnect weakens cybersecurity


Centrify has reported results of a new research study with Dow Jones Customer Intelligence that reveals a startling misalignment between CEOs and their technical executives which is weakening enterprise cybersecurity.

The report, CEO Disconnect is Weakening Cybersecurity, highlights that CEOs incorrectly focus on malware, creating a misalignment between them and executives with technical expertise that escalates risk and prevents organisations from effectively stopping breaches.

Technical executives on the front lines of cybersecurity, such as CIOs, CTOs and CISOs, point to identity breaches – including privileged user identity attacks and default, stolen or weak passwords – as the largest threat, not malware. As a result, cybersecurity strategies, project priorities, and budget allocations don’t always match up with the primary threats nor prepare companies to stop most breaches.

These findings are particularly relevant to Australia where mandatory Notifiable Data Breach legislation took effect last week and financial institutions earlier this month began implementing real-time payments by customers using the New Payments Platform, inviting greater emphasis on identity protection.

Centrify Senior Director APAC Sales Niall King said the consistency of the US and UK survey results supported their relevance to senior executives in Australia and New Zealand. “This disconnect between senior executives means that investment decisions are frequently caused by misplaced confidence in the ability to protect against breaches, putting organisations at significant risk,” he said.

“While technical executives are more aware of the real risks, they are also frustrated by inadequate security budgets, as spending typically strongly aligns with CEO priorities rather than with actual threats.”

The Centrify study – which surveyed 800 enterprise executives in the US and the UK including CEOs, technical executives, and CFOs – highlights this C-Suite disconnect including that:

  • 62 per cent of CEOs cite malware as the primary threat to cybersecurity, compared with only 35 per cent of technical executives
  • 60 per cent of CEOs invest the most in malware prevention and 93 per cent indicate they already feel “well-prepared” for malware risk whereas only eight per cent of all executives stated that anti-malware endpoint security would have prevented the “significant breaches with serious consequences” that they experienced
  • Only 55 per cent of CEOs say their organisation has experienced a breach, whereas 79 per cent of CTOs acknowledge they’ve been breached. This indicates that 24 per cent of CEOs are not even aware that they have experienced a breach
  • 68 per cent of executives whose companies experienced significant breaches indicate it would most likely have been prevented by either privileged user identity and access management or user identity assurance, and
  • 62 per cent of CEOs state that multi-factor authentication (MFA) is difficult to manage and is not user-friendly, while only 41 per cent of technical executives agree with this assessment.

Centrify CEO Tom Kemp said the report made a strong argument that companies needed to listen more to their technical executives. “While most CEOs view themselves as the primary owners of their cybersecurity strategies, it’s clear that the status quo isn’t working,” he said.

“Business leaders need to rethink security with a Zero Trust Security approach that verifies every user, validates their devices, and limits access and privilege.”

Click here to download a full copy of the CEO Disconnect is Weakening Cybersecurity report. View a YouTube video that summarises the report findings by clicking here. For Centrify media assistance in Australia and New Zealand, call John Harris on +61 414 789 995 or email john@impress.com.au.

About Centrify
Centrify delivers Zero Trust Security through the power of Next-Gen Access. The Centrify Zero Trust Security model assumes that users inside a network are no more trustworthy than those outside the network. Centrify verifies every user, validates their devices, and limits access and privilege. Centrify also utilises machine learning to discover risky user behaviour and apply conditional access — without impacting user experience. Centrify’s Next-Gen Access is the only industry-recognised solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM). More than 5000 worldwide organisations, including over half the Fortune 100 in the US, trust Centrify to proactively secure their businesses.

About Dow Jones Customer Intelligence
As part of the Dow Jones Customer Engine, the Dow Jones Customer Intelligence Unit conducts both bespoke and secondary research on behalf of our brands and our client’s brands; and through rigorous analysis and our unique perspectives seek to be a trusted source for relevant, timely, and reliable insights.