A point of tension between business leaders and IT departments is exposing organizations to security risks. New research shows that executives are pressuring IT administrators to ease off on security protocols when it comes to their devices, fearful that they might expose their personal lives but also because they find obeying security standards a hassle.
Combined research from 300 enterprise IT decision makers across Benelux, France, Germany, the U.K. and the U.S., as well as 50 C-level executives from the U.K. and the U.S, reveals that executives feel frustrated by mobile security protocols and often request to bypass them.
MobileIron asked respondents, “during the last year, how many times have you requested to bypass one of your organization’s security protocols?” Most of them answered positively, with 18% saying once, 28% saying they did so two or three times, 14% up to five times, and 16% more than five times. Only 22% fully understood the risks associated with permissive protocols and refrained from asking IT reps any “favors.” 2% said they didn’t know for sure whether they’d bypassed any security protocols.
The results speak volumes. Bypassing standard procedure is a common practice in the C-suite. But the survey-takers wanted to know the root cause of this syndrome. So they pressed respondents to further elaborate, hoping to uncover the reasoning behind their actions.
Case in point, 68% of C-level executives said they felt IT security compromises their personal privacy. 62% said security limits the usability of their device, and 58% claimed IT security is simply too complex for them.
Of the 76% of executives who admitted to bypassing their organizations’ security protocols last year, 47% requested network access to an unsupported device, 45% sought to bypass multi-factor authentication, and 37% requested access to business data on an unsupported app.
Infosec professionals have long warned that executives at large companies are reckless with their data access privileges, personal devices and security ethics in general. MobileIron’s study backs experts’ fears that executives are sitting ducks for cyber threats like business email compromise (BEC) and traditional phishing scams. 78% of IT decision makers stated that the C-suite is the most likely target of phishing attacks. 71% claimed the C-suite is also the most likely to fall victim to such attacks.
Lastly, 72% of IT decision makers said executives are also the most likely to forget or need help with resetting their passwords.