Business leaders grow concerned about internal cybersecurity breaches

While the threat of a cybersecurity breach from hackers is always on the mind of business leaders, a new survey from EisnerAmper finds that many believe the next breach will come from the inside.

The survey, conducted by EisnerAmper’s Outsourced IT Services, found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their companies, which is just a shade below their concern about outside hackers (75%). Another 23% said they worry about malicious intent by an employee, while 27% are concerned about a breach via a third-party vendor.

“A decade ago, business leaders likely equated cybersecurity breaches with external hackers, but the new normal of virtual and hybrid work has exposed a wide array of new cybersecurity threats, many coming from the inside,” said Rahul Mahna, partner and head of outsourced IT services at EisnerAmper.

Business leaders also revealed worries about the current safety measures, with 51% saying they are only “somewhat prepared,” 39% feeling “very prepared,” and just 6% believing they are not at all prepared in their overall cyber defense strategies.

When asked about internal cyber defense, 57% are “somewhat confident,” 37% are “very confident,” and 6% are “not at all confident.”

“Businesses need to optimize their resources to ensure they are sparing no proactive measures. An important first step is training staff and refreshing that education at regular intervals,” said Mahna. “Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly. It’s far more efficient to spend up front on education, state-of-the-art software and hardware and, most of all, reliable IT staff who feel a stake in the company’s success.”

Just half of respondents said they are conducting cybersecurity training on a regular basis. Seventy-one percent said they plan keep their IT budget the same in the event of a recession, while 21% said they will decrease those budgets, with just 8% planning to increase budgets in that situation.

“This plays right into the hands of malicious actors,” said Mahna. “When times are tough, these criminals expect companies to cut back, essentially leaving doors unlocked. In good times or bad, cybersecurity spending should always remain a top priority that yields significant return in losses avoided.”