Human Error Continues as Leading Cause of IT Security Incidents, Reveals 2nd Annual CIO&Leader SET Survey
- Phishing Attacks Emerge as the Most Severe Threat; Data Loss, Financial Impacts, and Vendor Dependence Surge
- AI Adoption in Cybersecurity Operations on the Rise
The 2nd Annual CIO&Leader State of Enterprise Technology (SET) Survey by 9.9 Research, conducted in collaboration with research firm BM Nxt, highlights pressing cybersecurity challenges faced by Indian enterprises. Gathering insights from over 350 CIOs and IT decision-makers across India’s top organizations, the survey underscores that human error remains a significant contributor to IT security incidents, with 15% of respondents reporting frequent occurrences and an additional 35% noting occasional lapses.
“The persistence of human error as a leading cause of security breaches highlights the urgent need for continuous training and awareness programs within organizations,” stated R. Giridhar, Research Head at CIO&Leader. “While robust technological defenses are crucial, empowering employees with the knowledge and skills to reduce risks is equally essential,” he added.
Although the frequency of human errors has decreased from 22% in 2023 to 15% in 2024, the rise in rare incidents from 24% to 41% signals that human error remains a persistent concern. The survey also reveals that malware incidents have remained steady, with 11% of respondents experiencing them often and 37% occasionally. Social engineering attacks are also a significant threat, with 11% reporting frequent occurrences and 27% occasional.
Phishing attacks are identified as the most severe threat, with 50% of respondents rating them as highly severe, reflecting their prevalence and effectiveness. Password and identity-based attacks follow closely, with 44% of respondents considering them highly severe.
The majority of organizations are already focusing on providing training for employees (69%), while 20% are planning to do it within six months and 7% are planning within 12 months. This measure shows a high level of immediate engagement, indicating that organizations recognize the importance of continuous learning and skill enhancement for their existing workforce
The survey also highlights a strong adoption rate of AI in cybersecurity operations, with 23% of organizations reporting extensive use and 35% moderate use. Notably, only 6% have no plans for AI adoption, indicating minimal resistance to AI in cybersecurity. As the ROI and effectiveness of AI in preventing breaches and reducing security incidents become more evident, it is likely that the remaining low-use and non-adopters will follow suit.
Moderate use of AI and ML in systems monitoring and optimization has increased from 29% to 38%, while low use has decreased from 23% to 18%. This trend suggests that after initial successes with AI, many organizations are expanding their deployments, further integrating AI into their existing systems monitoring and optimization frameworks.
“While Indian enterprises are making strides in adopting AI and enhancing cybersecurity measures, the persistence of human error and the rising threat of phishing attacks underscore the ongoing challenges that must be addressed,” Giridhar added.
Other key highlights:
- Escalating Impacts:
The survey indicates a growing recognition of the severe consequences of IT security incidents on business operations, data loss, and financial performance. High-impact ratings for business disruptions increased from 20% to 24%, while data loss concerns surged, with high-impact ratings rising from 19% to 23%. - Security Management Challenges:
Managing security solutions due to high costs and effort emerged as the top challenge in this year’s survey. It was rated as a high challenge by 44% of respondents, medium by 39%, and low by just 12%. The financial burden of implementing, maintaining, and upgrading security measures is straining IT budgets, especially as threats become more sophisticated. - Vendor Dependence a Growing Concern:
The increasing reliance on platform vendors is a significant challenge, with 26% of respondents rating it as a high concern and 35% as a medium concern. This dependence can limit flexibility and stifle innovation, as organizations may find themselves constrained by vendors’ capabilities and policies.
Jatinder Singh, Executive Editor at CIO&Leader, commented, “The evolving threat landscape, particularly with the rise in phishing and ransomware attacks, necessitates a multifaceted approach. Additionally, the growing concern around vendor dependence underscores the need for organizations to critically evaluate their partnerships and maintain the agility required to foster innovation.”
About the Survey:
The CIO&Leader SET Survey, now in its second year, combines qualitative and quantitative methodologies, offering a comprehensive overview of technology deployments, challenges, and future plans concerning Cloud Infrastructure, Cybersecurity, Data Analytics, and Artificial Intelligence (AI) within Indian enterprises. The latest survey was conducted between May and July 2024.
About CIO&Leader:
Celebrating its 25th year, CIO&Leader, a 9.9 Group Research publication, stands as India’s premier platform for enterprise technology leaders and decision-makers. It fosters the exchange of informed perspectives, insights, and discussions on emerging trends, technology implementations, IT business strategies, leadership, and innovation.