CEOs are fully aware of the threats to their business from cyberattacks. Yet, our research shows most lack confidence in their organization’s ability to avert or minimize such attacks. They learn how to be cyber resilient only after their organization experiences a breach. This reactionary way of treating cybersecurity results in greater risk of attacks and higher costs to remediate them. Our research finds that there is a better way for some. In this practical guide, we explore how CEOs are best placed to set in motion five actions that minimize risk and put cyber resilience at the heart of their reinvention efforts.
Is cybersecurity a business priority?
It should be. It keeps business operations running smoothly, helps organization’s optimize performance
and secures customer and supplier relationships. CEOs that sideline cybersecurity expose their organizations to more risk.
Powerful forces are multiplying digital vulnerabilities. Technology innovation, including generative AI and quantum computing, environmental challenges, shifting consumer preferences, supply chain interruptions and geopolitical instability are colliding to disrupt boardroom agendas and make cybersecurity resilience a top priority.
A handful of organizations are taking charge of their own disruption by embracing Total Enterprise Reinvention, a strategy that leads to a new performance frontier. Their goal is to reinvent every part of their companies over time, centered around a digital core and a culture and capability focused on continuous reinvention.
In the context of these changing landscapes, Accenture studied the cybersecurity practices of 1,000 CEOs of large organizations to better understand what it means to be a cyber-resilient leader today. The research shows CEOs are fully aware of cybersecurity, with 96% agreeing it is a key enabler for organization growth and stability. Yet, 74% are concerned about their organization’s ability to avert or minimize damage to the business from a cyberattack. It is a disconnect that highlights that a majority of CEOs lack confidence that their organizations are truly cyber resilient and their uncertainty is reflected in how they prioritize their cybersecurity investments.
Backed by our broad cybersecurity experience, Accenture has identified three issues that continue to challenge CEOs today:
Limited understanding of cybersecurity and its relationship to the business.
Cybersecurity gains are difficult to quantify. More than one-half of CEOs said the cost of implementing cybersecurity is much higher than the cost of suffering a cyberattack, yet this is the reverse of reality. Unsurprisingly, the lack of understanding results in limited strategic focus; only 15% of CEOs said they have dedicated board meetings for discussing cybersecurity issues.
Compartmentalizing cybersecurity risks as compliance issues.
Cybersecurity risks are seen as compliance issues that should be addressed by back-office control unctions. Almost half (44%) of CEOs don’t view cybersecurity as a strategic business matter and said it requires episodic intervention rather than ongoing attention, while 60% of CEOs said their organizations
don’t introduce “security-by-design”—that is, cybersecurity is not baked into business strategies, specific services or products from the outset.
Leaders’ inability to keep pace with the business impact of fast-evolving risks.
Only 33% of CEOs strongly agree that they have deep knowledge of the evolving cybersecurity threat landscape and the potential cost their business could incur from failing to understand and act on new risks. Take generative AI, which is rapidly transforming everything. If it is not secure, organizations
face increased risk of compromise, regulatory non-compliance, reputational damage and an inability to sustain competitive advantage. Limiting the scope and importance of cybersecurity in the business can be a missed opportunity for CEOs. It is often only after experiencing a cyberattack that the CEO understands
the importance of cybersecurity and begins to personally engage time and effort into it. Such an approach is risky, given the exponential increase in cybercrimes and the potential impact on reputation and brand.
Views: 0
