CEOs Fear Falling Victim to Next Big Breach, Says Study
Despite most business leaders having confidence in their IT security teams and the way they handle potentially dangerous situations, many are still worried about falling victim to the next big breach. In fact a new report by global cybersecurity firm Forcepoint, in partnership with WSJ Intelligence, reveals that three-fourth of CEOs (76%) are losing sleep over the prospect of becoming the next big, headline-grabbing security breach victim. Yet, at the same time, an even higher percentage (87%) believes that their security team is consistently ahead of cybersecurity threats, the report revealed.
The global survey of 200 CEOs and senior business leaders was conducted in industries including healthcare, finance, and retail, and uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, Forcepoint said. They include a lack of an ongoing cybersecurity strategy for less than half of all CEO respondents.
The research also identified disparities between geographic regions on data protection as well as a digital transformation dichotomy battle between increased risk and increased technology capability.
Gap in cybersecurity strategies
The disparity is compounded by a belief that senior leadership is cyber-aware and data-literate (89%) and focused on cybersecurity as a top organizational priority (93%), according to the report.
Meanwhile, cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization, the Forcepoint report said. Only 46% of leaders regularly review their cybersecurity strategies, according to the report.
“When more than 89% of leaders believe their teams are more cyber-aware than ever, it’s not surprising to hear executives are losing sleep over their cybersecurity posture today because they know the stakes to their business are so high,” said Nicolas Fischbach, global CTO of Forcepoint, in a statement.
“At a time when cybersecurity is more strategic to business growth than ever before, it is time senior business and security leaders reassess their cybersecurity strategy to one that enables them to move left of breach,” Fischbach said.
Leader companies understand that behavior-based technologies are the modern cybersecurity path forward and those that get cybersecurity right today will see this become a key competitive differentiator for their business in the years ahead, Fischbach said.
Disparities across geographies
The research revealed a disparity in how enterprises across global geographies prioritize key elements of security. Protecting customer data is a resounding priority for leaders in the US (62%) and Europe (64%), while in Asia 61% of leaders will prioritize protecting organizational IP over customer data, according to the report.
Factors influencing these results may be due in part to differing regulatory approaches to data and privacy protection as well as recent legislative decisions in the US and Europe, such as GDPR and CCPA, Forcepoint noted.
CEO and CISO tussle?
There is also a clear divide between CEOs and CISOs in how they identify the right cybersecurity path forward for their business. CEOs prefer to be proactive and risk-focused (58%), prioritizing maintenance of business stability above all. While more than half of CISOs (54%) embrace a more reactive, incident-driven approach to mitigating today’s dynamic cybersecurity threat landscape, the report stated.
The research also found that, despite claiming vendor fatigue, enterprises use more than 50 security vendors on average with 62% reporting they want even more. However, as more enterprises begin to embrace the cost savings and benefits of converged networking and security capabilities found in the emerging Secure Access Service Edge (SASE) security architecture approach the need for dozens of security vendors will abate over time, Forcepoint said.
“Companies leading on the cybersecurity front today are realistic about the risks they face and are prepared to prioritize security to protect the lifeblood of their business – which is customer data and organizational IP,” Fischbach said. Now, with a new way of working, getting this right within a remote work reality has never been more critical, he said.
“Now is the time for all business and security leaders to recognize the business continuity actions they take now will determine whether they simply survive or thrive in today’s new business reality,” Fischbach concluded.