New survey data from Tech.co’s Impact of Technology on the Workplace report has revealed that more than 1 in 10 business leaders are unaware if they’ve been hacked.

The survey of 1047 US business leaders found that 11% of respondents – representing 115 different companies – admitted they were “not sure” whether their company had suffered a data breach in the last year.

Data breaches are set to be a continued cause for concern during the year ahead as 40% of surveyed business leaders think cybersecurity threats will “highly affect” their organisation’s performance this year.

But despite this looming threat, senior leadership are not doing enough to implement sufficient cybersecurity measure. 66% of businesses say they do not use password managers, and 59% do not currently use a VPN.

While the data breach landscape continues to diversity, Tech.co’s research also shows that one of the biggest threats to business security lies internally – specifically, the errors made by employees. “Human error” such as sending a document to the wrong address, is still at the centre of a significant number of cyber-attacks experienced by businesses.

Phishing attacks, which mostly reply on employee interaction with a link or fake landing page, proved to be the top reason for data breaches (23%) experienced by surveyed business leaders in 2023.

One business leader spoke to Tech.co about their company falling victim to a phishing email attack, revealing the email was “sent on a Friday evening, exploiting the reduced vigilance typical of week’s end”. This allowed the threat actor a 36-hour window before detection. The individual shared that a “special response team” of legal, IT, and communication stakeholders was required to devise a rescue plan and address impacted clients via email.

While phishing came in first, computer viruses (22%), and employee error (12%) also contributed significantly to data breaches in 2023.

Recommended reading

• CTOs: Human Error Is the Biggest Cyber Threat
• NCSC Warns Ransomware Threat to Rise with AI
• New Threat Actors Contribute to Big Rise in Ransomware Attacks

“When the results from our survey came through, I was surprised to see some business leaders were “unsure” if their company had been hacked, especially considering how damaging a data breach can be to both a company’s reputation and its bottom line,” Tech.co’s lead writer, Aaron Drapkin commented.

“Responding to a major data breach is a wide-ranging process that involves virtually all of a business’s key stakeholders. Not only do you have to re-secure all of your company’s systems – which may involve re-authenticating your entire team’s account credentials – you also have to notify any customers or clients who’ve had their data exposed in the breach. On top of this, there’s a range of other, subsequent steps that businesses that have suffered a breach have to take to comply with the local data security and privacy laws.

“It’s vitally important that logging and reporting these kinds of incidents is done with as much transparency as possible, and that responses commence swiftly once the breach is discovered.

“If any leader at a business cannot confidently say whether their company’s systems have been hacked or not, then it may be time to revise how such incidents are reported and managed.”