Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
One in three small or medium-sized businesses has been hit by a cyberattack, you say? No worries…
The average cost of data breach jumped to $4.88 million? Everything’s fine...
Over one-third of employees share sensitive work data with AI tools and don’t tell their employers about it? No problemo, team…
The chill vibes in response to today’s data threats just might be coming from the C-suite.
A survey from Protiviti and Oxford University found that 86% of executives are “confident or extremely confident that their company is doing everything it possibly can to protect customer data.” The study, which polled 250 CEOs, board members, CFOs, and other business leaders, also found that only 8% of respondents are “concerned or extremely concerned about their company’s ability to protect customer and client data over the next five years.”
While the survey creators noted that CEOs are the type to hype and would likely not want to bring attention to poor data-protection practices, Sameer Ansari, managing director and leader of Protiviti’s Security and Privacy Practice at global consulting firm Protiviti, sees some breach-free CEOs as more lucky than good, and some of the security close calls, or “near misses,” don’t reach the execs.
“You may have data that may have been exposed accidentally, through a manual mistake that maybe had a really small impact…It wasn’t a big list of individuals that got released,” Ansari told IT Brew.
“Had it been a big list of individuals that got public? That could have been a very big incident for that type of organization. Those types of incidents sometimes don’t make their ways up to executives,” he said.
Humans being. Verizon’s 2024 annual data breach investigation report found that the “human element” (what the company’s senior director of cybersecurity in May called “either an action that a human takes, or a mechanism a human could have avoided to prevent an incident from occurring”) factored into 68% of breaches. (Misconfigurations, for example, accounted for around 10% of breaches, according to Verizon’s study.)
IANS Research and Artico Search found that average security spend growth reached 8% in 2024—up from 6% in the previous year.
Budgets budging. Healthy budgets supporting security programs still require cybersecurity professionals to communicate to execs about those lucky near misses, “and being really transparent about what the risks are, and understanding the maturity of the program,” Ansari said.
“I think there’s a little bit of that lack of communication from, you know, cybersecurity professionals and privacy professionals to their executives in terms of where funding is needed, and using things like board presentations to drive investment, versus trying to paint this picture of ‘Hey, everything’s good.’”