Survey: Human Factors Create Significant Cybersecurity Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment
April 30 2024 - 7:30AM
Business Wire
Survey Finds Disconnect Between Executive and
IT Security Leader Optimism and Risky Employee Behavior
Small and medium-sized business (SMB) leaders report that they
are investing more time, attention, and budget on cybersecurity,
but human factors are getting in the way – including lack of
awareness, training and inconsistent policy adherence. Together
with policy and technology gaps, these factors continue to create
significant security and business risks, according to a survey of
more than 600 business and IT security managers conducted by
LastPass and survey research firm InnovateMR.
Cyber-attacks targeting smaller organizations have increased
significantly in recent years, as cyber criminals view these
organizations as relatively easy targets—and a potential path to
large profits via ransomware, phishing and supply chain attacks. To
gauge attitudes and behaviors around these trends, LastPass
partnered with research firm InnovateMR to survey business and IT
security leaders at companies with fewer than 3,000 employees
regarding their password management and cybersecurity practices.
Key findings from the survey include:
- Both executive and IT leaders perceive low risks. Only
three in 10 leaders believe their company faces a very high risk
(8+ out of 10) of having a cybersecurity issue. Phishing attacks,
cloud vulnerabilities and data loss from ransomware or malware are
seen as top threats in the next 12 months.
- Executives and IT leaders are overly optimistic.
Executives (92%) and IT leaders (93%) believe employees “understand
the security expectations” for their jobs, while non-IT leaders are
decidedly less confident that employees understand (only 78%). IT
leaders also tend to believe adherence to policies is higher than
their general business, non-IT security peers do.
- Policies are still being broken. Roughly one in five
business leaders admits to circumventing security policies, as do
one in 10 IT security leaders. Younger workers (one in four) are
more likely to break policies – and Gen Z professionals are twice
as likely as other generations to physically write down passwords
(36% vs. 16%).
- Budgets are increasing. 90% of IT leaders and 80% of
non-IT leaders say their organizations increased attention paid to
cybersecurity in the past year. 82% also said their firms have
increased cybersecurity budgets year over year.
- Password management is key. 73% of IT security leaders
say password management is critically important to cybersecurity
strategy, with nearly half (47%) reporting recent breaches due to
compromised passwords. And 81% of leaders report using a password
manager at work – either company provided or a personal one of
their choice.
“It’s clear there’s an ‘Instagram vs. reality’ type of
disconnect when it comes to cybersecurity at small and midsize
companies,” said Alex Cox, director of threat intelligence at
LastPass. “Awareness is increasing, investments are being made, and
leaders are feeling confident—but, behind the curtain, culture and
policy gaps still leave these organizations vulnerable to attack.
We encourage both business and IT security leaders to step up their
focus on accountability with better education and policy
enforcement around password management and other proven
practices.”
Survey results were released today in a report titled, “SMB
Cybersecurity Disconnect: Uncovering the Risks, Challenges and
Human Factors to Close the Gap for Small and Midsize Businesses.”
Other noteworthy findings reflected in the report include
differences in cybersecurity practices between job functions, as
well as leaders’ top reported cybersecurity needs for the next five
years.
Additional Resources
- LastPass Labs Blog: Strategies for SMB Leaders Facing the
Cybersecurity Disconnect
- Infographic: SMB Cybersecurity Disconnect
Research Methodology
LastPass commissioned research firm InnovateMR to conduct a
survey in February and March 2024 exploring attitudes and behaviors
around password management and cybersecurity within small
businesses and mid-market companies. InnovateMR conducted an online
survey of 633 U.S.-based business and IT security leaders in small
and mid-market firms. For the purposes of the survey, a small
business was defined as having 10-499 employees, and a mid-market
company was defined as having 500-2,999 employees. InnovateMR is a
leading sampling and research technology company that provides
survey programming, international sampling, qualitative and
quantitative insights, and customized consultation services.
About LastPass
LastPass is a leader in password and identity management
solutions that helps 100,000 businesses and millions of consumers
secure their credentials at work and at home. Since 2008, LastPass
has made logins easier, more secure, and accessible across
virtually any device. Today, LastPass innovates for a passwordless
future by supporting next-generation security solutions that
respond to human behavior, including biometric logins and beyond.
Learn more via www.lastpass.com and follow us on Facebook, YouTube,
LinkedIn, X and Instagram. LastPass is trademarked in the U.S. and
other countries.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240430089039/en/
Media: press@lastpass.com