Skip links
CEOs and cybersecurity

World Economic Forum urging business leaders to take cybersecurity more seriously

Top executives are not taking cybersecurity seriously enough! This is the conclusion reading World Economic Forum report Global Cybersecurity Outlook. A WEF study reveals that cyber and business leaders still have a great deal of work to do to truly understand each other, articulate the risk cyber issues pose to their business and translate that into meaningful management and mitigation measures, the Forum report says.

“As the cyber landscape promises to become more complex in the coming years, it is critical that organizations work to resolve this now if they are to build systemic cyber resilience for the long term.”

“We are pleased to see improvement in a crucial area – awareness of cyber-risk issues, at the executive level, has gone up. At the same time, this year’s Global Cybersecurity Outlook report represents a challenge to leaders – to think more deeply about cybersecurity and listen more intently to cyber experts, and to each other, in order to ensure our shared resilience.”

“Hearing is not the same as listening. This aptly characterizes the relationship between cyber and business leaders in many organizations. The significance of cyber risk has certainly been heard in C-suites and boardrooms. Whether cyber leaders and business leaders understand each other well enough to meet this challenge is, on the other hand, an open question.” 

Read Also:  Specialists forecast intensified cybercrime attacks in 2023

“Overall, the study indicates that business leaders are more aware of their organizations’ cyber issues than they were a year ago. They are also more willing to address those risks. Nonetheless, cyber leaders still struggle to clearly articulate the risk that cyber issues pose to their organizations in a language that their business counterparts fully understand and can act upon.” 

“As a result, agreeing on how best to address cyber risk remains a challenge for organizational leaders.”

The report says that character of cyberthreats has changed. Respondents now believe that cyber attackers are more likely to focus on business disruption and reputational damage.

Read Also:  Cybersecurity is a USD 2 trillion market opportunity

Key findings:

 – Global geopolitical instability has helped to close the perception gap between business and cyber leaders’ views on the importance of cyber-risk management, with 91% of all respondents believing that a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years.

 – Following from this, 43% of organizational leaders think it is likely that in the next two years, a cyberattack will materially affect their own organization. This, in turn, means that in many cases, enterprises are devoting more resources to day-to-day defences than strategic investment. – The data protection and cybersecurity concerns created by geopolitical fragmentation are increasingly influencing how businesses operate and the countries in which they invest.

 – Business executives acknowledge that their organization’s cybersecurity risk is influenced by the quality of security across their supply chain of commercial partners and clients.

 – Leaders intend to respond to these concerns by strengthening controls for third parties with access to their environments and/or data and re-evaluating which countries they do business in. However, business leaders are more likely to focus on in-house solutions for cyber-risk management, whereas security leaders place a higher priority on partnerships with other organizations. 

– Many organizations are undertaking large digital transformation projects. Adding emerging technology to legacy IT increases the complexity of organizations’ digital environments and therefore their cybersecurity risk. Leaders struggle to balance the value of new technology with the potential for increased cyber risk in their organizations. 

– Cyber executives are now more likely to see data privacy laws and cybersecurity regulations as an effective tool for reducing cyber risks across a sector. This is a notable shift in perception from the 2022 Outlook report. Despite the challenges associated with compliance, cyber leaders acknowledged that regulation incentivizes muchneeded action on cybersecurity.

 – Structured interactions between cyber and business leaders are becoming more frequent – 56% of security leaders now meet monthly or more often with their board. This is rapidly narrowing the cybersecurity perception gap. However, more needs to be done to promote understanding between business and security teams to support effective action by organizational leaders.

 – Building a security-focused culture requires a common language based on metrics that translate cybersecurity information into measurements that matter to board members and the wider business. 

– Changes in organizational structure that embed cyber-risk discussions across a business can also promote more fluid communication and effective cyber-risk management. 

– Ultimately, cyber leaders must present security issues in terms that board-level executives can understand and act on. Business leaders, for their part, need to accept more accountability for operational cyber requirements to advance their organizations’ overall cyber capabilities.

 – Cyber talent recruitment and retention continues to be a key challenge for managing cyber resilience. A broad solution to increase the supply of cyber professionals is to expand and promote inclusion and diversity efforts. In addition, understanding the broad spectrum of skills needed today can help organizations to expand their hiring pools. A number of promising initiatives are already in place, but these tend to focus on small cohorts. Time, thought and investment are needed to make cyber-skills development programmes scalable.

Read Also:  91% of companies report cyber incidents

Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.