Human factor is significant cyber risk for smaller businesses

Human factors, including lack of awareness, training and inconsistent policy adherence, are getting in the way of cybersecurity for smaller businesses.

A new survey of more than 600 business and IT security managers conducted by LastPass and survey research firm InnovateMR shows that cyberattacks targeting smaller organizations have increased significantly in recent years, as cyber criminals have learned these organizations are relatively easy targets.

But despite this only three out of 10 leaders surveyed believe their company faces a very high risk (rated at more than eight out of 10) of having a cybersecurity issue. Phishing attacks, cloud vulnerabilities and data loss from ransomware or malware are seen as top threats in the next 12 months.

There's a wider tendency to optimism too, executives (92 percent) and IT leaders (93 percent) believe employees 'understand the security expectations' for their jobs, while non-IT leaders are decidedly less confident that employees understand (only 78 percent).

Yet roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. Younger workers (one in four) are more likely to break policies -- and Gen Z professionals are twice as likely as other generations to physically write down passwords (36 percent v 16 percent).

Password management is seen as key, with 73 percent of IT security leaders saying password management is critically important to cybersecurity strategy, with nearly half (47 percent) reporting recent breaches due to compromised passwords. 81 percent say they use a password manager at work.

"It's clear there's an 'Instagram vs. reality' type of disconnect when it comes to cybersecurity at small and midsize companies," says Alex Cox, director of threat intelligence at LastPass. "Awareness is increasing, investments are being made, and leaders are feeling confident -- but, behind the curtain, culture and policy gaps leave these organizations vulnerable to attack. We encourage both business and IT security leaders to step up their focus on accountability with better education and policy enforcement around password management and other proven practices."

On a positive note 90 percent of IT leaders and 80 percent of non-IT leaders say their organizations increased attention paid to cybersecurity in the past year and 82 percent have increased budgets.

You can get the full report from the LastPass site.

Photo Credit: sukiyaki/Shutterstock