CEOs’ cybersecurity concerns outweigh their investments

Three-quarters (74%) of Chief Executive Officers are concerned about their organisations’ ability to avert, or minimise damage to the business from a cyberattack, despite 96% of CEOs saying that cybersecurity is critical to organisational growth and stability, according to a report from Accenture Plc.

The report noted that 60% of CEOs said their organisations don’t incorporate cybersecurity into business strategies, services, or products from the outset, and 44% of CEOs believed that cybersecurity needed episodic intervention instead of ongoing attention. The report—The Cyber-Resilient CEO—was based on a survey of 1,000 CEOs from large organisations globally.

Incorrect Assumptions Regarding Cybersecurity Costs
More than half (54%) of CEOs incorrectly assumed that the cost of implementing cybersecurity is higher than the cost of suffering a cyberattack, despite history indicating otherwise. For instance, the report noted that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million.

Despite 90% of CEOs saying that they consider cybersecurity a differentiating factor for their products or services to help them build trust among customers, only 15% have dedicated board meetings on cybersecurity. This might be because 91% of CEOs said that cybersecurity is a technical function; the responsibility of which falls on the chief information officer or chief information security officer.

Generative AI Poses Greater Challenge To Cybersecurity
The report suggested that generative artificial intelligence holds the potential to introduce a greater level of advanced security threats, which may be challenging for even best-practice cyber defenses. Of the CEOs surveyed, 64% said that cybercriminals could use generative AI to create sophisticated and hard-to-detect cyberattacks, such as phishing scams, social engineering attacks and automated hacks.

“The acceleration of generative AI makes it even more essential for organisations to take measures to ensure the security of their data and digital assets,” said Paolo Dal Cin, global lead of Accenture Security. “Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust,” Dal Cin added.

Cyber-Resilient CEOs And Cyber Laggards
The research identified a small group of CEOs who excel at cyber resilience. This group—termed cyber-resilient CEOs and accounting for 5% of respondents—used a wider lens to assess cybersecurity, across all aspects of their organisations.

According to the report, the companies of these leaders detect, contain and remediate cyber threats faster than other organisations. Their breach costs are lower and financial performance better than the rest. They achieved 16% higher incremental revenue growth, 21% more cost reduction improvements and 19% healthier balance sheet improvements, on average.

On the other side are cyber laggards—accounting for 46% of the CEOs—who don’t consistently or rigorously take any of the actions that cyber-resilient CEOs do and are often in a reactionary mode.

Actions That Cyber-Resilient CEOs Take
The report identified five actions that cyber-resilient CEOs are more likely to take than cyber laggards:

• Embedding Cyber Resilience In Business Strategy From The Start: Cyber-resilient CEOs are nearly twice as likely to manage cyber performance in the same way they manage financial performance (60% versus 33%).
• Establishing Shared Cybersecurity Accountability: Cyber-resilient CEOs are more likely to inspire executives to consider cybersecurity as a competitive differentiator that accelerates innovation safely (68% versus 37%) and work closely with their CISOs to assess and manage generative AI risks, ensuring safe and effective use of the technology (54% versus 33%).
• Securing The Digital Core: Cyber-resilient CEOs are more than twice as likely as laggards to boost their cybersecurity budget, as the adoption and implementation of emerging technologies intensifies (76% versus 35%).
• Extending Cyber Resilience Beyond Enterprise: Cyber-resilient CEOs are 40% more likely to implement policies and controls for third parties and to promote an enterprise-wide risk assessment approach (64% versus 41%).
• Embracing Ongoing Cyber Resilience: Cyber-resilient CEOs are more likely to continually establish industry-leading cybersecurity measures, that take into account the changing risk landscape and align with C-suite priorities (60% versus 34%).

“To close the cyber-resiliency gap, cybersecurity should be viewed as an organisation-wide priority—with the right processes for reporting; the involvement of employees at all levels; and greater commitment from and accountability across the C-suite and the board,” said Valerie Abend, global cybersecurity strategy lead at Accenture Security. Bloomberg