The report sheds light on the reactive versus proactive nature of CEOs when it comes to cybersecurity, which ultimately increases the risk of attacks and in turn, recovery costs. Surprisingly, 60% of CEOs admitted that their organizations do not prioritize cybersecurity in their business strategies, services or products in planning.
Part of the reasoning for this reactive stance could be explained by the incorrect perception held by more than half (54%) of CEOs that the expenses associated with implementing cybersecurity outweigh the costs incurred from experiencing a cyber attack, despite historical evidence proving otherwise. Also, despite 90% of CEOs considering cybersecurity a differentiating factor, only 15% have dedicated board meetings for it. This may be because 91% of CEOs believe it falls under the responsibility of the CIO or chief information security officer.
The report also highlights the potential risks associated with generative AI, as it could enable cybercriminals to create highly sophisticated and undetectable cyber attacks. Almost two-thirds of CEOs (64%) expressed concerns about the use of generative AI by hackers to carry out phishing scams, social engineering attacks, and automated hacks.
“The acceleration of generative AI makes it even more essential for organizations to take measures to ensure the security of their data and digital assets,” said Paolo Dal Cin, global lead of Accenture Security. “Unfortunately, it is often only after they experience a material cyber incident that they elevate cybersecurity to a board-level and C-suite priority and expand expectations beyond technology functions to better protect their organizations. Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust.”
The report identifies a small group of CEOs who excel at cyber resilience. These "cyber-resilient CEOs" use a holistic approach to cybersecurity and their organizations are better at detecting, containing and remedying cyber threats. Consequently, they have lower breach costs and achieve better financial performance, including higher revenue growth, more cost-reduction improvements, and healthier balance-sheet improvements.
On the other hand, there exists a group of CEOs known as "cyber laggards" who make up almost half (46%) of the CEOs. This group lacks consistency and rigor in taking the proactive actions that cyber-resilient CEOs do. Five actions that cyber-resilient CEOs are far more likely than cyber laggards to take proactively are:
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.