74% of CEOs Concerned About Their Organization's Ability to Protect Against Cyber Attacks, Despite Seeing Cybersecurity as Critical

Depositphotos_162783142_s-2019According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ability to protect their businesses from cyber attacks. This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations.

The report sheds light on the reactive versus proactive nature of CEOs when it comes to cybersecurity, which ultimately increases the risk of attacks and in turn, recovery costs. Surprisingly, 60% of CEOs admitted that their organizations do not prioritize cybersecurity in their business strategies, services or products in planning.
Part of the reasoning for this reactive stance could be explained by the incorrect perception held by more than half (54%) of CEOs that the expenses associated with implementing cybersecurity outweigh the costs incurred from experiencing a cyber attack, despite historical evidence proving otherwise. Also, despite 90% of CEOs considering cybersecurity a differentiating factor, only 15% have dedicated board meetings for it. This may be because 91% of CEOs believe it falls under the responsibility of the CIO or chief information security officer.

The report also highlights the potential risks associated with generative AI, as it could enable cybercriminals to create highly sophisticated and undetectable cyber attacks. Almost two-thirds of CEOs (64%) expressed concerns about the use of generative AI by hackers to carry out phishing scams, social engineering attacks, and automated hacks. 

“The acceleration of generative AI makes it even more essential for organizations to take measures to ensure the security of their data and digital assets,” said Paolo Dal Cin, global lead of Accenture Security. “Unfortunately, it is often only after they experience a material cyber incident that they elevate cybersecurity to a board-level and C-suite priority and expand expectations beyond technology functions to better protect their organizations. Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust.”

The report identifies a small group of CEOs who excel at cyber resilience. These "cyber-resilient CEOs" use a holistic approach to cybersecurity and their organizations are better at detecting, containing and remedying cyber threats. Consequently, they have lower breach costs and achieve better financial performance, including higher revenue growth, more cost-reduction improvements, and healthier balance-sheet improvements.

On the other hand, there exists a group of CEOs known as "cyber laggards" who make up almost half (46%) of the CEOs. This group lacks consistency and rigor in taking the proactive actions that cyber-resilient CEOs do. Five actions that cyber-resilient CEOs are far more likely than cyber laggards to take proactively are:

  • Making cybersecurity a part of the organization's overall strategy from the beginning
  • Ensuring accountability for cybersecurity is shared across the organization
  • Securing the digital infrastructure of the organization 
  • Extending cybersecurity strategies across organizational silos as well as with third parties
  • Embracing an ongoing cyber-resilient security culture to stay ahead of the curve

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Get Your Customized Automated Security Awareness Program, ASAP!

Many IT pros don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

We’ve taken away all the guesswork with our Automated Security Awareness Program (ASAP).

ASAP is a revolutionary tool for IT professionals, which allows you to create a customized Security Awareness Program for your organization that will show you all the steps needed to create a fully mature training program in just a few minutes!

asap-monitor-1Here's how it works:

  • Answer seven questions about your organization’s goals, compliance needs, and culture
  • ASAP recommends suggested training content based on your answers
  • See a detailed calendar with a customized task lisk to get your program started
  • Easily export detailed and executive summary PDF versions of your program
  • Get a fully mature awareness program ready in 5 minutes

Get Started Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: Cybersecurity

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews