Corporate Leaders See External Hackers, Internal Staff Errors, as Top Cybersecurity Breach Causes

Increased Customer and Employee Friction May Be Necessary to Thwart Threats

EisnerAmper survey on cybersecurity and CX

It is a familiar story that tends to be repeated month after month, year after year: a large organization reports that its customer data has been exposed via a data breach, and notices are sent out to affected customers. In January 2023 alone, organizations such as Twitter, Chick-fil-A, PayPal, MailChimp, and T-Mobile announced data breaches. The organizations typically promise to redouble their efforts to close the gaps that led to the breach, enhance customer and employee cybersecurity training, and provide “friendly reminders” to customers about the need to remain vigilant against cybersecurity scams.

And while federal authorities continue to chase down bad actors, such as the FBI’s takedown of Hive, a ransomware group that has extorted more than $100 million from schools, hospitals, and others around the world, there are still many threats targeting small, medium, and enterprise-size companies. However, according to the results of an online survey conducted by EisnerAmper, external hackers (75%) and accidental internal staff errors (71%) were cited as the top two expected likely causes for cybersecurity breaches.

The online survey was taken by 113 predominantly chief executive officers/owners/ presidents, chief risk officers, chief finance officers, chief technology officers, chief operating officers, and vice presidents of finance during November 2022. Companies surveyed include financial services, real estate, manufacturing and distribution, and technology, with representation from other sectors such as healthcare, professional services, and nonprofits. Most companies are in the annual revenue range of $50 million to $500 million and have 10 to 99 employees.

Yet, despite the concerns about external and internal cyber threats, only 50% of survey respondents say they conduct regular training, and most executives interviewed for the survey said they will not change IT personnel nor increase their IT budgets.

One of the reasons that good cybersecurity can increase friction is the layered nature of a strong defense. Instead of relying on a single technology or strategy to thwart would-be hackers or careless employees, robust security practices are multifaceted and are designed to introduce friction.

“Similar to layers of an onion, the more strata that concisely fit together strengthen the overall endeavor,” explains Rahul Mahna, Managing Director at Eisner Advisory Group’s Outsourced IT Services team. “However, if you look at one layer on its own it appears weak and flimsy. It’s the job of an IT department to educate the firm’s people and [explain] the reasoning that one layer augments the security of other layers. If this is not explained clearly and comprehensively, then it will appear to be problematic and burdensome to the employees of the firm.”

This is also true for customers, who may feel that security measures, such as multi-factor authentication, captchas, and other security mechanisms that appear to make interacting with a company more difficult are necessary to ensure their safety, as well as the safety of the company.

“When we implement solutions in our practice, we spend a substantial amount of time explaining and educating on the ‘why,’” Mahna explains. “We have found that taking the time for this explanation period significantly mitigates the organization friction (and potential risk) that could occur.”  

The EisnerAmper survey also highlighted the disconnect between the awareness of potential cybersecurity issues that are the result of employee actions, and the use of internal training. According to the survey, 71% of executives believe a cyber breach could occur from internal actions, but 31% had not conducted a cybersecurity training event or session.

“We believe this stems from the idea that there is no “magic bullet” to solve an IT problem,” Mahna says. “To effectively have a cybersecurity mindset requires a commitment to a budget and constant review, training on and evolution of the programs in place.”

Organizations that collect and store large amounts of personally identifiable information (PII) are particularly at risk for cyberattacks and breaches because the data is extremely valuable, fetching anywhere from a few dollars (such as a customer’s address) or item to several hundreds of dollars (for a person’s complete medical record), according to Keeper.com. That is why Mahna suggests that organizations conduct IT risk assessments on an annual basis to gauge the firm’s cyber resiliency and its weaknesses.

Author Information

Keith Kirkpatrick is VP & Research Director, Enterprise Software & Digital Workflows for The Futurum Group. Keith has over 25 years of experience in research, marketing, and consulting-based fields.

He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.

In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.

He is a member of the Association of Independent Information Professionals (AIIP).

Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.

Latest Insights:
Can UST and Claude Make Physical AI the Next Enterprise Standard?
July 11, 2026

Can UST and Claude Make Physical AI the Next Enterprise Standard?

UST integrated Anthropic's Claude into core engineering platforms, reducing chip validation cycles by 50-70% and training 20,000 engineers on AI-native operations across multiple sectors....
Are Podcasts the New Playbook for Engineering Leaders Work through AI in the SDLC?
July 11, 2026

Are Podcasts the New Playbook for Engineering Leaders Work through AI in the SDLC?

Qodo releases a curated podcast guide for engineering leaders navigating the rapidly evolving AI platforms market. With agentic AI adoption accelerating, leaders need practical resources to build AI literacy and make informed...
SaaS ERP Is Reshaping Data Access, But Can It Deliver on the Promise of Real-Time Insight?
July 11, 2026

SaaS ERP Is Reshaping Data Access, But Can It Deliver on the Promise of Real-Time Insight?

IT Convergence's SaaS ERP strategy capitalizes on enterprise modernization trends, with 84.5% of channel partners expecting AI-driven growth and the Channel Ecosystems market forecast to reach $41.8B by 2029....
Edison International’s $25,000 Lineworker Scholarships Signal a Workforce Strategy Shift
July 11, 2026

Edison International’s $25,000 Lineworker Scholarships Signal a Workforce Strategy Shift

Edison International awarded 10 lineworkers up to $25,000 each through its 2026 scholarship program, affirming that skilled human expertise remains essential to grid operations despite growing AI adoption....
Latest Research:
The Enterprise Imperative for Digital Sovereignty Architecture, Control, and Competitive Advantage
June 17, 2026
Research
Research

The Enterprise Imperative for Digital Sovereignty: Architecture, Control, and Competitive Advantage

In our latest Market Brief, The Enterprise Imperative for Digital Sovereignty: Architecture, Control, and Competitive Advantage, completed in partnership with IBM, Futurum Research explores why AI is changing the sovereignty...
Data Gravity in the Age of AI Engineering the Mission-Critical Engine for Autonomous Workloads
June 11, 2026

Data Gravity in the Age of AI: Engineering the Mission-Critical Engine for Autonomous Workloads

In our latest report, Data Gravity in the Age of AI: Engineering the Mission-Critical Engine for Autonomous Workloads, completed in partnership with Oracle, Futurum Research explores why fragmented data architectures...
The Autonomous IT Imperative
June 2, 2026
Research
Research

The Autonomous IT Imperative

In our latest Market Report, The Autonomous IT Imperative, completed in partnership with Tanium, Futurum Research examines why traditional IT operations and security models are reaching their limits—and how Autonomous...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.