Organizations can suffer attacks designed to take advantage of employee vulnerabilities. Successful attacks cause firms to suffer financial damage ranging from minor information breaches to severe financial losses. Cybercriminals focus on organization executives, because the power and influence they wield affords access to more sensitive data and financial resources. The purpose of this research in progress submission is to identify the types of executive behaviors that information security professionals believe introduce risk to an organization, as well as to explore the degree of risk organizations face as a result of these behaviors.