C-Suite Cybersecurity Gaps, Misconceptions Open Door to Hackers

April 4, 2018 – Press Releases

Fox Rothschild survey reveals most top executives know of risks, but many fall short on prevention

Recent data breaches have exposed shocking quantities of sensitive records and cost companies tens of millions of Dollars to respond and deal with the attendant fallout, but a new survey of top U.S. executives shows companies’ cybersecurity efforts continue to fall short.

With the cost and prevalence of cyberattacks rising, Fox Rothschild LLP commissioned a sweeping, cross-industry survey of chief executives to gauge corporate preparedness.

The results were eye-opening.

Conducted in late 2017, the survey showed top corporate leaders know their companies’ data is at risk but are not taking adequate measures to protect that data.

  • Awareness: More than half of C-level officers surveyed recognized their companies were at high or very high risk of a data breach. Three quarters said they had been hit recently by phishing attacks.
  • Inaction: Despite that, 53 percent of executives admitted their cybersecurity and data privacy budgets are insufficient to respond to a breach. Nearly a third don’t train all their employees on data breach prevention, a basic component of cybersecurity.

“Cyberattacks are growing in frequency and severity,” said Mark McCreary, Fox Rothschild’s Chief Privacy Officer and co-chair of its Privacy and Data Security Practice. “Companies should take steps to manage that risk and prevent breaches, but it requires a clear-eyed, systematic approach.”

Another key finding: While 59 percent were confident or very confident in their companies’ cybersecurity and data privacy programs, just 36 percent spent more than 10 percent of their IT budgets on cybersecurity.

“That’s a little scary,” said McCreary, named a Trailblazer in Cybersecurity by the National Law Journal. “We help large and small companies design and implement comprehensive privacy and data security strategies. As a general rule, 10 percent should be the absolute minimum portion of the IT budget dedicated to security.”

While the survey showed some leaders mistakenly believe their companies had no data of interest to hackers, the reality is every business possesses valuable information, said Elizabeth Litten, Privacy and Data Security Practice co-chair and the firm’s HIPAA Privacy and Security Officer.

“Hackers can convert almost any proprietary data to cash by selling it on the black market, or extracting ransom payments from the companies they attack,” Litten said.

Download the Report

The Fox Rothschild 2018 Chief Executive Cybersecurity and Data Privacy Survey, conducted in the fourth quarter of 2017, provides the perspectives of C-suite officers, more than half of whom are CEOs, at companies across a wide range of industries and sizes. One-third of responses came from executives in the financial services and healthcare industries.