New findings from a survey of over 100 global cybersecurity leaders across all major industries shed light on their apathy toward proper cyber hygiene in their own lives.

If the head of your cybersecurity program doesn’t care about cyber hygiene, how can you expect them to provide solid leadership to direct your organization to a more secure state?

In what appears to be a case of “do as I say and not as I do”, new data from HelpNetSecurity shows how cyber leaders aren’t taking their own medicine:

  • 24% of cyber leaders have used the same password for both work and personal use
  • 45% put themselves and their organization at risk by connecting to public WiFi without using a VPN
  • 48% use their work computer to log on to social network platforms, and of those, 77% accept connection requests from unknown individuals

All this, while those very same individuals have personally experienced attacks. According to the same report:

  • 74% of cyber leaders reported being targeted in a phishing or vishing attack in the last 90 days
  • 34% say they have been targeted in a phishing or vishing attack from someone impersonating their CEO
  • 57% have suffered an account takeover attack in their personal lives

This should be very disconcerting; we need leadership, well… leading by example. Perhaps cybersecurity leadership needs to take a refresher course. Or better yet, make sure they, too, are continually enrolled in Security Awareness Training, where the basic concepts of cyber hygiene are reinforced.