AMU Cyber & AI Editor's Pick

Why CEOs Of SMBs Make Easy Cyber Targets

Pinterest LinkedIn Tumblr

Worried that junior- and mid-level road warriors might make your company vulnerable to a cyberattack? When it comes to digital security, your weakest security link is more likely to be a company leader, according to a new study.

In the C-suite, there’s often a significant gap between the real and perceived risk of cyberthreats, according to the Cyber Mindset Survey conducted recently by Keeper Security of 500 senior decision-makers at small and midsize businesses.

For example, while more than two thirds (67%) of SMBs experienced a cyberattack in the last year, only a small fraction (7%) of CEOs, corporate chairs and owners think a cyberattack is “very likely.” Conversely, nearly half (43%) of top leadership believe an attack is “not at all likely” – higher than any other management group surveyed.

“If you don’t have a cybersecurity mindset at the top, you’re not going to have it at the staff or team level,” says Darren Guccione, CEO and co-founder at Keeper Security. “Cybersecurity software should run on every smartphone, tablet, computer for every single employee in the ecosystem of a business. That’s absolutely of paramount importance because it only takes one endpoint to be breached.”

“About 80 percent of all breaches are the result of weak password security,” says Guccione, referring to a Verizon data breach investigation from 2017. “Hackers know that many people use weak passwords across all of their applications, websites and systems.”

But many companies don’t prioritize password hygiene. Fewer than one in five (18%) companies that have been in business 10 or more years encourage or require employees to update passwords. And CEOs, chairs and owners were the least likely employees to know their own company’s password policies, according to the Cyber Mindset Survey.

Perhaps unsurprisingly, the study revealed some stark generational differences. Nearly one in three (32%) decision-makers under age 34 understand that a cyberattack is “very likely,” compared to only 5 percent of respondents age 55 and older.

When asked about their feelings toward passwords, older decision-makers were more likely to label them as “annoying” or “confusing.” And when asked to name effective data breach prevention methods, older decision-makers often answered with variations of “keep sensitive documents in hard copy” or “don’t put important stuff online.”

Regardless of age or position in a company, every business traveler should follow these cybersecurity protocols:

  • Never use public Wi-Fi. Instead, use your phone’s personal hotspot, which is more secure.
  • When public Wi-Fi is the only option, use a virtual personal network (VPN) to encrypt your online activity.
  • Avoid sharing credentials and logins among multiple employees, especially passwords that are used across multiple platforms. About six in 10 people reuse the same password for all their online services.
  • Use a password security solution, which can be either a password manager for individuals or an enterprise solution.

“At the end of the day, cybersecurity should be part of an overall top-down corporate strategy that originates from the C-level,” says Guccione.



This article was written by Suzanne Rowan Kelleher from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to

Wes O’Donnell is an Army and Air Force veteran and writer covering military and tech topics. As a sought-after professional speaker, Wes has presented at U.S. Air Force Academy, Fortune 500 companies, and TEDx, covering trending topics from data visualization to leadership and veterans’ advocacy. As a filmmaker, he directed the award-winning short film, “Memorial Day.”

Comments are closed.