Nearly one-third of CEO emails have been breached or leaked

November 2, 2017

The corner office is under siege: 30% of the email addresses and passwords belonging to CEOs of the world’s largest businesses and organizations already have been stolen and circulated online according to results of a study released on October 25.

The study, “CEO Email Exposure: Passwords and Pwnage,” conducted by Finnish cybersecurity firm F-Secure, investigated the accessibility of login credentials for email accounts belonging to more than 200 chief executives.

According to F-Secure’s findings, only 18% of CEOs have not been affected in some way.

Through checking the publicly available email addresses of the CEOs against databases of stolen and leaked credentials available online, the researchers found that three in ten CEOs have had their login credentials exposed.

Interestingly enough, that figure more than doubles for tech companies, which should know better. In fact, 63% of the leaders of tech firms have confirmed that their account names and passwords have been leaked.

Social media sites also are up for grabs, which Americans are now realizing, looking back at the 2016 presidential election. Fully 81% of the CEOs of sites such as LinkedIn, Facebook, and Twitter have been affected, the researchers found. The most common previously breached services for CEOs to link their company email with are LinkedIn and Dropbox.

The countries with the highest percentages of CEOs who’ve linked their email to these breached services are Denmark, at 62%, and the Netherlands, at 43%

According to the FBI, there have been 40,203 business email compromise attacks reported in the last three years, resulting in affected businesses losing more than $5.3 billion. Attacks have increased exponentially in the last two years, with a 2,370% hike in identified losses taking place between January 2015 and December 2016.

Research contact: