Managers: poorer cybersecurity awareness

Executives: Awareness of cybersecurity is growing

Over half of German companies have already fallen victim to a cyber attack. According to a survey, senior managers are often more vulnerable to phishing attacks than their employees. The average click rate for managers is 60 percent higher than for other user groups.

Although cybersecurity awareness is increasing among managers, they are still more susceptible to false clicks on phishing emails. According to research from SoSafe, Europe's leading security awareness and training platform, 55 percent of German security leaders say their top management's focus on IT security has increased compared to last year. Cyber risks are becoming more and more present: in the last three years alone, every second German company (58 percent) has fallen victim to a cyber attack.


Sensitized managers ensure sufficient security budgets

According to SoSafe's survey, cyber risk awareness among senior management also determines whether the necessary resources for IT security are available in a company, that is, whether the company has enough staff and budget to combat potential cyber threats. Organizations whose leadership is aware of cyber risks are 33 percent more likely to have sufficient resources allocated to security concerns than those where security awareness among management is low. Of organizations with inadequate security budgets, only 21 percent prioritize their security culture.

“It's good to see that senior management awareness of current cyber threats is moving to where we need it to be: senior leaders are becoming more aware of the importance of cybersecurity and how to role model within the company. This means cybersecurity is finally becoming a board issue,” said Dr. Niklas Hellemann, psychologist and CEO of SoSafe. “This is the only way a company’s employees will internalize the values and safe behavior surrounding the topic of cybersecurity.”


Executives are more likely to click on malicious links

Raising awareness among top management is necessary to make cybersecurity an essential part of the corporate culture. This also matters in terms of actual risk: SoSafe data shows that managers are more susceptible to clicking on phishing links than their employees. The average click rate for managers is 60 percent higher than for other user groups. However, the data also shows that managers are more likely to report suspicious emails (20 percent) than employees (8 percent).

“Executives are an attractive target for cybercriminals because they have the highest clearance levels and decision-making power. Among other things, there is a risk that hacker groups will use the stolen information to impersonate executives, for example in the form of so-called CEO fraud or other AI-based attacks. This makes it all the more important for management to set a good example and be a role model for the rest of the team – and thereby protect themselves.”

Methodology:

The Human Risk Review includes data from a survey conducted in collaboration with Censuswide, an international market research firm. More than 1,000 security managers from six European countries (Germany, Great Britain, Austria, Switzerland, the Netherlands and France) were interviewed in February 2023.

In addition, exclusive data from the SoSafe Awareness platform was evaluated anonymously: More than 8.4 million simulated phishing attacks from 3,000 customer organizations from 2022 were analyzed. Data from the annual phish test carried out by SoSafe and Botfrei was also used. In 2022, over 9,000 simulated phishing emails were sent to registered users, which were classified as moderately serious in the simulation and had to be recognized by the user.

Go directly to the report on SoSafe-Awareness.com

 


About SoSafe
SoSafe helps organizations build their security culture and mitigate risk with its GDPR-compliant awareness platform. Founded in 2018 by Dr. Niklas Hellemann, Lukas Schaefer and Felix Schürholz, SoSafe now has more than 4,000 customers worldwide and is one of the leading providers of security awareness and training in Europe. With behavioral psychology elements and smart algorithms, SoSafe enables personalized learning experiences and attack simulations that motivate and train employees to actively protect themselves from online threats.


 
