Posted by Mumbai: Are CEOs confident in their organisational ability to combat cyberattacks? The answer to this very pertinent question might be shocking for the business world but that’s reality when dealing with cyber incidents and attacks. As high as 74% of CEOs lack confidence in their organisation’s ability to protect against cyberattacks despite seeing cybersecurity as vital to growth, according to a new Accenture report.
CEOs’ confidence and concerns
Three-quarters (74%) of CEOs are concerned about their organisations’ ability to avert or minimise damage to the business from a cyberattack—despite the fact that 96% of CEOs said that cybersecurity is critical to organisational growth and stability, the report stated.
‘The Cyber-Resilient CEO‘ report is based on a survey of 1,000 CEOs from large organisations globally.
The reactive way in which CEOs treat cybersecurity, according to the report results in greater risk of attacks and higher costs to respond to and remediate them.
60% of CEOs said their organisations don’t incorporate cybersecurity into business strategies, services or products from the outset, and more than four in 10 (44%) of the CEOs believe that cybersecurity requires episodic intervention rather than ongoing attention, the report noted.
Further, more than half (54%) of CEOs hold the incorrect assumption that the cost of implementing cybersecurity is higher than the cost of suffering a cyberattack. That’s quite the opposite of reality.
For instance, a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting US$300 million.
However, despite 90% of CEOs saying cybersecurity is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings for discussing cybersecurity issues.
This disconnect might be explained by the fact that the vast majority (91%) of CEOs said cybersecurity is a technical function that is the responsibility of the CIO or CISO (chief information security officer).
The report also stated that generative AI holds the potential to introduce a greater level of advanced security threats introducing new challenges that even best-practice cyber defenses may not fully address.
Generative AI
Nearly 64% of CEOs surveyed said that cybercriminals could use generative AI to create sophisticated and hard-to-detect cyberattacks, such as phishing scams, social engineering attacks and automated hacks.
“The acceleration of generative AI makes it even more essential for organisations to take measures to ensure the security of their data and digital assets,” said Paolo Dal Cin, Global Lead of Accenture Security.
“Unfortunately, it is often only after they experience a material cyber incident that they elevate cybersecurity to a board-level and C-suite priority and expand expectations beyond technology functions to better protect their organisations. Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust,” added Paolo.
The research identifies a small group of CEOs who excel at cyber resilience. This group—which Accenture calls “cyber-resilient CEOs” and accounts for 5% of respondents—uses a wider lens to assess cybersecurity across all aspects of their organisations. The companies of these leaders detect, contain and remediate cyber threats faster than other organizations.
As a result, their breach costs are considerably lower and financial performance significantly better than the rest, achieving 16% higher incremental revenue growth, 21% more cost-reduction improvements, and 19% healthier balance-sheet improvements, on average.
On the flip side are “cyber laggards”—accounting for nearly half (46%) of the CEOs—who don’t consistently or rigorously take any of the actions that cyber-resilient CEOs do and are typically stuck in a reactionary mode.