The study indicates that business leaders are more aware of their organisations’ cyber issues than they were last year, and they’re more willing to address those risks. But cyber leaders are still struggling to clearly communicate the risk that cyber issues pose in a language that their business counterparts can fully understand and act upon.
The report also found that the character of cyber threats has changed. The respondents believe that cyber attackers are more likely to focus on business disruption and reputational damage, and these are the respondents’ top two concerns.
Global geopolitical instability has helped to close the perception gap between business and cyber leaders’ views on the significance of cyber risk management, with almost all of the respondents believing that a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years.
Many organisations now seem to be undertaking large digital transformation projects, but adding emerging technology increases the complexity of organisations’ digital environments and subsequently their cyber risk. Business leaders are struggling to balance the value of new technology with the potential for increased cyber risk in their organisations.
According to the report, cyber executives are now more likely to see data privacy laws and cyber security regulations as effective tools for reducing cyber risks across a sector.
“Geopolitical instability, rapidly maturing and emerging technologies, lack of available talent, and increasing shareholder and regulatory expectations represent some of the significant challenges that concern cyber and business leaders…
… We are pleased to see improvement in a crucial area – awareness of cyber-risk issues, at the executive level, has gone up.”
- Paolo Dal Cin, Global Lead, Accenture Security | Jeremy Jurgens, Managing Director, World Economic Forum
- 86% of business leaders and 93% of cyber leaders believe global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next two years.
- 74% of organisation leaders say that global geopolitical instability has influenced their cyber strategy “moderately” or “substantially”.
- Business continuity (67%) and reputational damage (65%) concern organisation leaders more than any other cyber risk.
- More than 39% of organisation leaders agree that “cyber security is a key business enabler”.
- Less than half of respondents reported having the people and skills needed today to respond to cyber attacks.
- 59% of business leaders and 64% of cyber leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience.
- 76% of business leaders and 70% of cyber leaders agreed that further enforcement of regulatory requirements would lead to an increase in their organisations’ cyber resilience.
- 90% of respondents are concerned about the cyber resilience of third parties.
- 39% of respondent organisations had been affected by a third-party cyber incident.
- Business leaders think increased employee awareness about cyber attacks will have the most positive influence on an organisation’s approach to cybersecurity in the next 12 months.
- Cyber leaders think increased use of cloud-based services will have the most positive influence on an organisation’s approach to cybersecurity in the next 12 months.
- Respondents said that artificial intelligence (AI) and machine learning (20%), greater adoption of cloud technology (19%) and advances in user identity and access management (15%) will have the greatest influence on their cyber risk strategies over the next two years.
With almost all of the respondents expecting to see a catastrophic cyber event in the next two years, it’s vital that organisations put robust measures in place to prepare for, manage and respond to cyber threats.
Last year, we saw the rate of cyber attacks surge by 38% compared to the previous year, with an average of 1,168 weekly attacks per organisation. Cyber attacks are a matter of when, not if, so is your organisation prepared?
At 3B Data Security, we offer a range of services that enable clients to reduce cyber security risk, protect critical information systems and data, and achieve compliance with legal and industry regulations.