According to the recent report "The Cyber-Resilient CEO," released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ability to protect their businesses from cyber attacks. This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations.
The report sheds light on the reactive rather than proactive stance CEOs take on cybersecurity, which ultimately increases the risk of attacks and, in turn, recovery costs. Surprisingly, 60% of CEOs admitted that their organizations do not prioritize cybersecurity when planning their business strategies, services or products.
Part of the reasoning for this reactive stance could be explained by the incorrect perception held by more than half (54%) of CEOs that the expenses associated with implementing cybersecurity outweigh the costs incurred from experiencing a cyber attack, despite historical evidence proving otherwise. Also, despite 90% of CEOs considering cybersecurity a differentiating factor, only 15% have dedicated board meetings for it. This may be because 91% of CEOs believe it falls under the responsibility of the CIO or chief information security officer.
The report also highlights the potential risks associated with generative AI, as it could enable cybercriminals to create highly sophisticated and undetectable cyber attacks. Almost two-thirds of CEOs (64%) expressed concerns about the use of generative AI by hackers to carry out phishing scams, social engineering attacks, and automated hacks.
“The acceleration of generative AI makes it even more essential for organizations to take measures to ensure the security of their data and digital assets,” said Paolo Dal Cin, global lead of Accenture Security. “Unfortunately, it is often only after they experience a material cyber incident that they elevate cybersecurity to a board-level and C-suite priority and expand expectations beyond technology functions to better protect their organizations. Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust.”
The report identifies a small group of CEOs who excel at cyber resilience. These "cyber-resilient CEOs" use a holistic approach to cybersecurity and their organizations are better at detecting, containing and remedying cyber threats. Consequently, they have lower breach costs and achieve better financial performance, including higher revenue growth, more cost-reduction improvements, and healthier balance-sheet improvements.
On the other hand, there exists a group of CEOs known as "cyber laggards" who make up almost half (46%) of the CEOs. This group lacks consistency and rigor in taking the proactive actions that cyber-resilient CEOs do. Five actions that cyber-resilient CEOs are far more likely than cyber laggards to take proactively are:
- Making cybersecurity a part of the organization's overall strategy from the beginning
- Ensuring accountability for cybersecurity is shared across the organization
- Securing the digital infrastructure of the organization
- Extending cybersecurity strategies across organizational silos as well as with third parties
- Embracing an ongoing cyber-resilient security culture to stay ahead of the curve