12 Things Every CIO Should Know


With every business and IT decision, we now have to take cybercrime into account. Behold our list of 12 things every Chief Information Officer (CIO) should know. Ginni Rometty, IBM’s CEO, has stated, “Cybercrime is the greatest threat to every company in the world.”

Even if you doubt this statement, it is impossible to deny that security is now part of every business and IT discussion we have. In the future, the need to combat these internal and external threats will only intensify. Because of this, we’ve compiled a short list of facts and statistics covering a range of topics, from emerging threats posed by hackers to the everyday issues and vulnerabilities found in company cyber security policies.

 1. Millennials (ages 18-29) love the Cloud 

Millennial-led firms are 44% more likely than Baby-Boomer-led firms to have adopted cloud workload back-up. The cloud is known for improving employee productivity and efficiency, especially in smaller businesses; however, having many smart devices and laptops with instant access to potentially sensitive company information increases the security risk.

 2. Millennials use a wider range of devices and are more nonchalant with passwords 

39% of millennial respondents print from mobile devices, compared to a measly 8% of 35+ respondents. Making use of the functionality modern technology provides is terrific; however, it should make you question your company’s print security. The number of businesses being hacked through an unsuspecting printer is rising exponentially. Also, only a measly 33% of millennials use secure passwords for all of their accounts, compared to 53% of baby boomers. This means they use easily accessed information like nicknames, birthdays, and pet names; although this makes passwords easier for them to remember, it also makes them easier to guess.

 3. Phishing and social engineering top threats

One of the biggest security threats to an organization, identified by 65% of professionals, is phishing and social engineering. It only takes one employee clicking a fake email or link about banking or spyware to give a hacker direct access to all the data on their device and a direct pathway to your network. Although 78% of people claim to be aware of the potential risks caused by unknown links in emails, they will click on these links anyway.

 4. Hackers will stay hidden 

Over 140 days is the average time attackers stay hidden on a network. While it seems unrealistic and unbelievable to have a spy hiding in the middle of your business for almost five months, it happens way more often than most businesses care to admit. While playing their modern version of Hide-and-Seek, they are able to expose additional vulnerabilities and sneak off with important data such as sensitive information, passwords and even documents. All this is occurring whilst you are unaware that this “game” is happening.

 5. Encryption can be contradictory 

90% of Chief Information Officers have admitted to being attacked, or fully expect to be attacked, by hackers hiding in encryption. In fact, half of all network attacks will use encrypted traffic in 2017.

 6. IT Departments may ignore their own protocols 

45% of IT personnel claim to have knowingly evaded their own policies. Although it is easier to just ignore the Bring Your Own Device policy so you can get some extra work done at home, it only takes one employee making one mistake to expose your entire company’s network.

 7. It could be an inside job 

59% of employee respondents have admitted to stealing proprietary corporate data when they quit or were fired. Disgruntled employees often feel a sense of ownership over the projects or research they have been involved with. This means important company data can be turned over and used to benefit rival businesses.

 8. Employees pose the biggest risk 

The biggest risk to the business (according to 70% of business respondents) is employees. This can be boiled down to things as simple as a lack of security education among employees or a company having a poorly defined Bring Your Own Device policy.

 9. The majority of companies ignore print security

56% of companies do not see printers and hard-copy documents as a high-risk point of focus. They also tend to overlook printers in their endpoint security strategy. An average of 44% of network-connected printers within organizations are unsecured when it comes to unauthorized access to data stored in the printer’s mass storage. This arguably makes printers and multi-function printers (MFPs) the weakest ‘known’ link in the security of a company’s IT operations.

 10. The ever-rising global cost of cybercrime 

Our elevated reliance on data and connectivity will drive up the global cost of cybercrime, which is predicted to reach $2 trillion by 2019. When prompted, 87% of Chief Information Officers believe that their security regulations are unsuccessful at protecting the business.

 11. Average number of attacks per company, per year 

The average number of successful cyber attacks per week is two. These two cyber attacks can cause an average loss of over $17 million annually in the United States. 

 12. Cost of stolen data 

The estimated average cost of each stolen record, data log, or piece of information is $158. That means every bank account, every password, every social account, every print job. Therefore, if a hacker is hiding in your software for over 140 days and is stealing only one password each day, the company has already lost over $22,000.


Start by defining your weakest link and defending it. If just reading these average stats makes you cringe, imagine what could be happening right under your nose. Businesses in the United States have been spending an all-time high on cyber security; however, breaches continue to rise exponentially in both cost and volume.

IT teams are hustling and bustling to confront all the demands of a millennial workforce that is dependent on mobility and accessibility. These employees fully expect to bring their own technology into the office, often showing disregard for basic security protocols and regulations. Simultaneously, hackers are evolving and adapting to these weaknesses.

We are witnessing an evident rise in attacks using legitimate software and credentials. There’s also a significant increase in attackers’ focus on social media and personal emails, which allows them to bypass most levels of locked-down network security defenses.

Bottom Line:

If your organization isn’t focusing on and prioritizing practical and modern comprehensive security policies, perhaps it’s time to start?

Written by Lorissa Morton

Content Writer for Threat Tec