Top executives may be the most likely to defy security best practices and company policy, according to a Tuesday report from Code42. Some 72% of CEOs said that they’ve taken valuable intellectual property (IP) from a former employer–despite the fact that 78% agreed that ideas are the most precious asset in the enterprise.

Another 93% of CEOs said they keep a copy of their work on a personal device, outside of secure company servers and cloud applications, putting the company at more risk, the report found.

The report, which surveyed nearly 1,700 security, IT, and business leaders across the US, UK, and Germany, demonstrates the risks that C-level employees can pose to data security.

SEE: Security awareness and training policy (Tech Pro Research)

“It’s clear that even the best-intentioned data security policies are no match for human nature,” Jadee Hanson, CISO at Code42, said in a press release. “Understanding how emotional forces drive risky behavior is a step in the right direction, as is recognizing ‘disconnects’ within the organization that create data security vulnerabilities.”

Members of the C-suite are among the worst offenders when it comes to data security, the report found. Almost two-thirds of CEOs (63%) said they have clicked on a link they should not have or did not intend to, potentially putting their corporate and personal data at risk from malware. Additionally, 59% said they have downloaded software without knowing whether it was approved by corporate security.

The report also uncovered a disconnect between business leaders and CISOs. While 80% of CISOs said they agreed with the statement that they can’t protect data they can’t see, 82% of business leaders said they believe IT can protect that information.

Among CISOs, 64% said they believe their company will experience a breach in the next year that will be made known to the public, while 61% said their company has already faced a breach in the last 18 months.

The threat of a cyberattack has led some CISOs to take action: 73% of those surveyed said they were stockpiling cryptocurrency to pay off ransoms, and 79% of those who have done so said they have already paid a ransom, the report found.

These findings highlight the need for companies to provide cybersecurity education to those at all levels, including the C-suite. For tips on how to do so, click here.

The big takeaways for tech leaders:

  • 72% of CEOs said that they’ve taken valuable intellectual property from a former employer. — Code42, 2018
  • 64% of CISOs believe their company will experience a breach in the next year that will be made known to the public. — Code42, 2018