CEOs Lack Confidence in Their Organizations’ Ability to Protect Against Cyberattacks Despite Seeing Cybersecurity as Vital to Growth, Accenture Report Finds
Report identifies five actions CEOs need to take to achieve cyber resilience
NEW YORK; Oct.5, 2023 – Three-quarters (74%) of CEOs are concerned about their organizations’ ability to avert or minimize damage to the business from a cyberattack—despite the fact that 96% of CEOs said that cybersecurity is critical to organizational growth and stability, according to a new report from Accenture (NYSE: ACN).
The report, titled “The Cyber-Resilient CEO,” is based on a survey of 1,000 CEOs from large organizations globally. Accenture’s research points to the reactive way in which CEOs treat cybersecurity, which results in greater risk of attacks and higher costs to respond to and remediate them. It notes that 60% of CEOs said their organizations don’t incorporate cybersecurity into business strategies, services or products from the outset, and more than four in 10 (44%) of the CEOs believe that cybersecurity requires episodic intervention rather than ongoing attention.
Adding to this reactive stance is the incorrect assumption by more than half (54%) of CEOs that the cost of implementing cybersecurity is higher than the cost of suffering a cyberattack despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting US$300 million.
In addition, despite 90% of CEOs saying they consider cybersecurity a differentiating factor for their products or services to help them build trust among customers, only 15% have dedicated board meetings for discussing cybersecurity issues. This disconnect might be explained by the fact that the vast majority (91%) of CEOs said cybersecurity is a technical function that is the responsibility of the CIO or chief information security officer.
The report also suggests that generative AI holds the potential to introduce a greater level of advanced security threats introducing new challenges that even best-practice cyber defenses may not fully address. Nearly two-thirds (64%) of CEOs surveyed said that cybercriminals could use generative AI to create sophisticated and hard-to-detect cyberattacks, such as phishing scams, social engineering attacks and automated hacks.
“The acceleration of generative AI makes it even more essential for organizations to take measures to ensure the security of their data and digital assets,” said Paolo Dal Cin, global lead of Accenture Security. “Unfortunately, it is often only after they experience a material cyber incident that they elevate cybersecurity to a board-level and C-suite priority and expand expectations beyond technology functions to better protect their organizations. Integrating cybersecurity risk into an enterprise risk management framework is the key to ensuring better security, regulatory compliance, business protection and customer trust.”
The research identifies a small group of CEOs who excel at cyber resilience. This group—which Accenture calls “cyber-resilient CEOs” and accounts for 5% of respondents—uses a wider lens to assess cybersecurity across all aspects of their organizations. The companies of these leaders detect, contain and remediate cyber threats faster than other organizations. As a result, their breach costs are considerably lower and financial performance significantly better than the rest, achieving 16% higher incremental revenue growth, 21% more cost-reduction improvements, and 19% healthier balance-sheet improvements, on average.
On the flip side are “cyber laggards”—accounting for nearly half (46%) of the CEOs—who don’t consistently or rigorously take any of the actions that cyber-resilient CEOs do and are typically stuck in a reactionary mode.
Five actions that cyber-resilient CEOs are far more likely than cyber laggards to take proactively are:
- Embedding cyber resilience in the business strategy from the start. Cyber-resilient CEOs are nearly twice as likely to manage cyber performance in the same way they manage financial performance (60% vs. 33%).
- Establishing shared cybersecurity accountability across the organization. Cyber-resilient CEOs are far more likely adopt shared accountability across the C-suite, inspiring executives to champion cybersecurity as a competitive differentiator that accelerates innovation safely (68% vs. 37%) and work closely with their CISOs to assess and manage the risks of generative AI, ensuring that the technology is used safely and effectively (54% vs. 33%).
- Securing the digital core at the heart of the organization. Cyber-resilient CEOs are more than twice as likely to say they plan to boost their cybersecurity budget as the adoption and implementation of digital and emerging technologies intensifies (76% vs. 35%).
- Extending cyber resilience beyond organizational boundaries and silos. Cyber-resilient CEOs are 40% more likely to implement specific policies and controls for third parties and even more likely to promote an enterprise-wide risk assessment approach that cuts across business units and functions (64% vs. 41%).
- Embracing ongoing cyber resilience to stay ahead of the curve. Cyber-resilient CEOs are far more likely to commit to continually establishing industry-leading cybersecurity measures that take into account the changing risk landscape and align with C-suite priorities in order to protect the business and detect and respond effectively to cyberattacks (60% vs. 34%).
“The constantly evolving and never-ending threat landscape is creating a wide gap between CEOs’ increasing awareness of the business impact of cyberattacks and their lack of confidence to mitigate them,” said Valerie Abend, global cybersecurity strategy lead at Accenture Security. “This should be a wake-up call for all those in the C-suite. To close the cyber-resiliency gap, cybersecurity should be viewed as an organization-wide priority—with the right processes for reporting; the involvement of employees at all levels; and greater commitment from and accountability across the C-suite and the board.”
You can explore The Cyber-Resilient CEO report in Accenture Foresight, Accenture’s new thought leadership app, which provides a personalized feed of all our latest reports, case studies, blogs, interactive data charts, podcasts and more. Download the app at http://www.accenture.com/foresight.
Methodology
Accenture Research surveyed 1,000 CEOs from large organizations (revenues > US$1 billion) across 19 industries and 15 countries in North America, South America, Europe, Asia-Pacific and the Middle East. The goal was to determine their organization’s level of cyber resilience and approach to cybersecurity business practices. The survey was conducted online in June 2023. For more information on the methodology, including the development of the cyber-resilient CEO action index, read the full report here.
About Accenture
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent and innovation led company with 733,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Accenture Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients succeed and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com.
Accenture Security is a leading provider of end-to-end cybersecurity services, including strategy, protection, resilience and industry-specific cyber services. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Cyber Fusion Centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Visit us at accenture.com/security.
# # #
Contact:
Alison Geib
Accenture
+1 703 947 4404
alison.geib@accenture.com
Copyright © 2023 Accenture. All rights reserved. Accenture and its logo are registered trademarks of Accenture.