Press Release

Human Error: The leading cybersecurity concern for CTOs

Tue 27 Feb 2024

More than half (59%) of Chief Technology Officers (CTOs) consider human error the most significant cybersecurity threat to their organisations, according to a new study by STX Next.

This risk, which stems from actions such as downloading malware-infected attachments or using weak passwords, is viewed as more threatening than ransomware (48%) and phishing attacks (40%).

Adaptive Strategies Against Cyber Vulnerabilities

To counter these vulnerabilities, CTOs are employing a variety of defensive measures.

A notable 94% of organisations have implemented multi-factor authentication (MFA), and 91% are utilising identity access management (IAM) technology.

Additionally, security information and event management (SIEM) technology is being used by 58% of firms, and 86% have adopted single sign-on (SSO) solutions.

These steps reflect the comprehensive tactics organisations are adopting to shield themselves from the vulnerabilities introduced by human error.

Insights from STX Next’s 2023 Global CTO Survey

The 2023 Global CTO Survey by STX Next, which surveyed 500 CTOs across the globe, offered additional insights:

  • Almost a quarter (24%) of CTOs identified security as their organisation’s biggest challenge, placing it fourth overall.
  • Despite an increasing threat landscape, only 49% of the surveyed companies have a cyber insurance policy.
  • Currently, 59% of businesses have a ransomware protection solution in place.
  • Only 36% of companies boast an in-house security team, while 53% opt for external specialised security services.

Krzysztof Olejniczak, CISO at STX Next, highlighted the ongoing challenge posed by human error in cybersecurity. He pointed out that despite the comprehensive deployment of technology, the effectiveness of these measures could be compromised by poor implementation, inadequate support processes, or lack of governance.

“In recent years, the frequency and severity of cyberattacks across all industries have risen extraordinarily, and employees are often carrying the burden of being an organisation’s first line of defence,” said Olejniczak.

Olejniczak stressed the importance of not relying solely on technological defences, but also educating employees and conducting regular tests to mitigate the risks posed by social engineering tactics and human error.

He advocates for management teams to prioritise staff education on recognising and responding to new threats and to periodically test their resilience through simulated attacks. Such practices, alongside the implementation of security solutions like MFA, IAM, and SSO, are crucial in bolstering defences against human error.

Olejniczak also touched on the challenges smaller companies face in establishing dedicated security teams, underscoring the trend towards specialised cybersecurity services or providers.

“The smaller a company is in headcount or revenue, the less likely it is to have a dedicated security team. This is why more businesses are accessing the services of specialised cybersecurity solutions or providers in the form of vCISO services,” added Olejniczak.

He concluded by emphasising the critical need for organisations, irrespective of their size, to actively safeguard themselves and their supply chains from cyberthreats through well-rounded security strategies and practices.
