New research from EY US shows that cyber attacks are creating serious financial risks. C-suite leaders don’t always agree on how exposed their companies are or where the biggest threats come from.
Cybersecurity as a strategic investment
In EY US’s latest C-suite cybersecurity study, 84% of executives reported facing a cyber incident in the past three years. The impact is significant; after a cyber attack, a company’s stock price can drop by an average of 1.5% over the following 90 days.
The survey involved 800 U.S. executives, including 300 CISOs and 500 other C-suite leaders. Insights revealed that CISOs are more alarmed about threats than their counterparts, with 66% of them believing the threats they face are more advanced than their current defences, compared to only 56% of other executives.
Gaps between CISOs and other C-suite leaders could be putting companies at risk
CISOs feel that senior leaders undervalue cybersecurity; about 68% of them think top executives underestimate the risks, whilst only 57% of other C-suite members agree. This disconnect extends to perceptions of who is responsible for cyber incidents and the effects of investment strategies.
Three out of four CISOs attribute a reduction in incidents to AI, while only a lesser number of non-security leaders agree. Meanwhile, 77% of non-security execs credit employee training as the main factor in decreasing incidents, as opposed to 69% of CISOs.
A call to action
“CISOs see escalating threats and vulnerabilities, while the C-suite tends to think cybersecurity is managed,” noted Jim Guinn, EY Americas Cybersecurity Leader. He stressed that incidents have extensive financial implications beyond immediate recovery costs, urging a unified approach to creating a cybersecurity framework that aligns with evolving threats.
Although risks remain, there’s a positive trend as investments in cybersecurity are on the rise. Current statistics show that 21% of C-suite leaders allocate more than 10% of their IT budget to cybersecurity, which is set to increase to approximately 38% next year.
To maximise this new influx of capital amid increasing cyber threats, expert recommendations include:
- Elevate the CISO role: Empower the CISO to oversee the organisation’s security posture and strategic initiatives.
- Invest strategically: Align cybersecurity spending with broader business objectives and identified risks.
- Embrace innovation: Regularly update and explore new technologies such as AI to bolster threat detection.
- Develop a culture of cyber confidence: Foster an environment where cybersecurity awareness and responsibility permeate all organisational levels.
Why should I read this?
This article is a must-read for anyone in the biz who cares about their company’s security. With cyber attacks on the rise, understanding the rift between cybersecurity leaders and other executives could be the difference between thriving and merely surviving in today’s digital landscape. This research is your save-the-date reminder to address the vulnerabilities before they hit your balance sheet.