Learn More
EisnerAmper survey on cybersecurity and CX

Corporate Leaders See External Hackers, Internal Staff Errors, as Top Cybersecurity Breach Causes

Increased Customer and Employee Friction May Be Necessary to Thwart Threats

  • Share

It is a familiar story that tends to be repeated month after month, year after year: a large organization reports that its customer data has been exposed via a data breach, and notices are sent out to affected customers. In January 2023 alone, organizations such as Twitter, Chick-fil-A, PayPal, MailChimp, and T-Mobile announced data breaches. The organizations typically promise to redouble their efforts to close the gaps that led to the breach, enhance customer and employee cybersecurity training, and provide “friendly reminders” to customers about the need to remain vigilant against cybersecurity scams.

And while federal authorities continue to chase down bad actors, such as the FBI’s takedown of Hive, a ransomware group that has extorted more than $100 million from schools, hospitals, and others around the world, there are still many threats targeting small, medium, and enterprise-size companies. However, according to the results of an online survey conducted by EisnerAmper, external hackers (75%) and accidental internal staff errors (71%) were cited as the top two expected likely causes for cybersecurity breaches.

The online survey was taken by 113 predominantly chief executive officers/owners/ presidents, chief risk officers, chief finance officers, chief technology officers, chief operating officers, and vice presidents of finance during November 2022. Companies surveyed include financial services, real estate, manufacturing and distribution, and technology, with representation from other sectors such as healthcare, professional services, and nonprofits. Most companies are in the annual revenue range of $50 million to $500 million and have 10 to 99 employees.

Yet, despite the concerns about external and internal cyber threats, only 50% of survey respondents say they conduct regular training, and most executives interviewed for the survey said they will not change IT personnel nor increase their IT budgets.

One of the reasons that good cybersecurity can increase friction is the layered nature of a strong defense. Instead of relying on a single technology or strategy to thwart would-be hackers or careless employees, robust security practices are multifaceted and are designed to introduce friction.

“Similar to layers of an onion, the more strata that concisely fit together strengthen the overall endeavor,” explains Rahul Mahna, Managing Director at Eisner Advisory Group’s Outsourced IT Services team. “However, if you look at one layer on its own it appears weak and flimsy. It’s the job of an IT department to educate the firm’s people and [explain] the reasoning that one layer augments the security of other layers. If this is not explained clearly and comprehensively, then it will appear to be problematic and burdensome to the employees of the firm.”

This is also true for customers, who may feel that security measures, such as multi-factor authentication, captchas, and other security mechanisms that appear to make interacting with a company more difficult are necessary to ensure their safety, as well as the safety of the company.

“When we implement solutions in our practice, we spend a substantial amount of time explaining and educating on the ‘why,’” Mahna explains. “We have found that taking the time for this explanation period significantly mitigates the organization friction (and potential risk) that could occur.”  

The EisnerAmper survey also highlighted the disconnect between the awareness of potential cybersecurity issues that are the result of employee actions, and the use of internal training. According to the survey, 71% of executives believe a cyber breach could occur from internal actions, but 31% had not conducted a cybersecurity training event or session.

“We believe this stems from the idea that there is no “magic bullet” to solve an IT problem,” Mahna says. “To effectively have a cybersecurity mindset requires a commitment to a budget and constant review, training on and evolution of the programs in place.”

Organizations that collect and store large amounts of personally identifiable information (PII) are particularly at risk for cyberattacks and breaches because the data is extremely valuable, fetching anywhere from a few dollars (such as a customer’s address) or item to several hundreds of dollars (for a person’s complete medical record), according to That is why Mahna suggests that organizations conduct IT risk assessments on an annual basis to gauge the firm’s cyber resiliency and its weaknesses.

Latest Research

Employee Experience

Employee Experience

Market Drivers and Barriers, Market Sizing and Forecasts, and Case Studies

CX in the Healthcare Industry

CX in the Healthcare Industry

Patient Experience Management and Patient Engagement: Best Practices, Key Market Trends, Case Studies, and Market Forecasts

CX Market Forecasts

Customer Data & Analytics, Customer Relationship Management, Contact Center, Personalization & Optimization, Customer Data Platforms, Customer Insights & Feedback, and Employee Experience

Customer Insights & Feedback

Market Drivers and Barriers, Key Industry Players, Market Sizing and Forecasts, and Case Studies

Related Articles

Qualtrics X4 media and analyst briefing

Qualtrics X4 is Back

Qualtrics X4 has returned after a 3-year hiatus with 10,000 experience professionals converging on Salt Lake City. The company is leaning into a few areas, and has been highlighting its capabilities with AI, its solutions to support frontline…

Read More
Exemplifi and Chatmeter studies on online reviews

Research Points to the Importance of Online Reviews

Two reputation management companies recently released data pointing to the importance of online reviews as part of the brand-customer experience. Reputation management and brand intelligence provider Chatmeter conducted a survey in January 2023…

Read More
CX Innovators - Ken Peterson of QuestionPro

CX Innovators: Ken Peterson, QuestionPro

Ken Peterson, President, Customer Experience at survey software company QuestionPro, provides insights on using CX to provide “empathy at scale”.

Read More
Customer Insights and Feedback product and partnership announcements

Insights and Feedback News: Gainsight, Lexalytics, Productboard, Qualtrics, Review Trackers, SkyTeam

Customer Insights & Feedback market sector updates: product launches and enhancements, partnerships, and investment news.

Read More
More related articles