It’s a dirty little secret but its one that needs to be let out of the bag. IT professionals spend a lot of time worrying about security threats to their organizations from hackers and corrupt employees, but according to a new study from ThreatTrack, the bigger risk lies at the top of the tree. The behavior of senior executives is one of the biggest causes of corporate data being stolen and systems being hacked, with the deadliest sins including execs allowing friends and family members to use corporate devices, downloading malicious applications, and surfing the web for porn.

Even worse, is that the vast majority of senior execs ignore such threats altogether, failing to report them, even when they become aware of them.

In its study commissioned last month, ThreatTrack quizzed 200 security professionals responsible for analyzing malware threats, reports Network World. The survey came up the following findings:

• Senior executives are responsible for all kinds of malicious nasties being downloaded onto corporate devices, often because they click on malicious links in emails they receive. According to ThreatTrack, 56% of security experts said that they’d had to remove malware from executives PCs or laptops. As well as downloading malware directly onto their PCs, many execs were guilty of using infected USB drives or attaching corrupted smartphones to their machines.

• The damage done by execs surfing the web for porn during their ‘down time’ is almost as bad. In the study, almost 40 percent of security experts reported having to remove malware from an executives computer after they had visited compromised websites.

• No doubt most execs know they shouldn’t really be looking for adult content on a company PC anyway, but all the evidence suggests they have a hard time grasping corporate IT security polices full stop. As well as the porn, almost 46 percent of malware analysts reported having to fix problems caused by execs letting family members or friends ‘borrow’ their devices.

The findings are actually quite startling, as it shows that the majority of security experts spend a significant amount of time cleaning up after their bosses – and in the majority of cases, a lot of these incidents are quite avoidable with a bit of common sense.

Even worse is that most bosses fail to understand the dangers malware can pose to their organizations. A rather worrying 66 percent of malware analysts stated that they’d had to fix security incidents that the company never reported. In most cases, the source of these incidents could be traced back to senior executives within the company concerned.

Another key finding is that security professionals often cover up for their bosses’ bad behavior too. Almost 79 percent of respondents admitted to having covered the tracks of their boss at one time or another. That wouldn’t be so bad, but even worse is that many don’t just have their boss’s back – many also fail to report incidents involving outside data breaches too.

“Over 50 percent of the analysts included in the survey claimed that they’ve investigated or addressed a data breach that the company didn’t disclose to customers, partner or stakeholders,” reports PC Magazine.

“The study revealed that larger companies are three times as likely to not disclose data breaches than smaller ones.”