Buildings are seen along EDSA in Quezon City, July 3, 2022. — PHILIPPINE STAR/ MIGUEL DE GUZMAN

Many business leaders do not prioritize cybersecurity, leaving their companies more vulnerable to security breaches and threats, according to a study by global professional services company Accenture.

More than half (60%) of the 1,000 chief executive officers (CEOs) surveyed globally do not employ a security-by-design approach or initially incorporate cybersecurity into their business operations, Accenture said in its report emailed to reporters on Monday.

The report said that 44% of CEOs prefer episodic intervention over ongoing attention when dealing with cyber threats.

At the same time, the study noted that 96% of the CEOs agree that cybersecurity is a key enabler for the growth and stability of their organizations, with 74% expressing concerns about their ability to mitigate damages from a cyber-attack.

“It is a disconnect that highlights that a majority of CEOs lack confidence that their organizations are truly cyber-resilient,” Accenture said. “Their uncertainty is reflected in how they prioritize their cybersecurity investments.”

“Technology innovation, including generative AI and quantum computing, environmental challenges, shifting consumer preferences, supply chain interruptions, and geopolitical instability are colliding to disrupt boardroom agendas and make cybersecurity resilience a top priority,” it added. 

With the rapidly evolving threat landscape, Accenture noted that only 33% of CEOs said they understand the potential cost their business could incur from cybersecurity negligence. 

“It is often only after experiencing a cyberattack that the CEO understands the importance of cybersecurity and begins to personally engage time and effort into it,” the company said. 

“Such an approach is risky, given the exponential increase in cybercrimes and the potential impact on reputation and brand,” it added. 

Research published by Cybersecurity Ventures showed that cybercrime losses are expected to increase to $10.5 trillion in 2025, from $8 trillion this year.

Accenture noted the recent high prevalence of state-sponsored attacks, cybercriminal groups, ransomware-as-a-service, supply chain attacks, and attacks on critical infrastructure this year contributing to said growth. 

The company has advised business leaders to invest in cybersecurity through proactive changes to their business strategy, talent and culture, technology, ecosystems, and continuous resilience, it said in its report. 

“Cybersecurity should reduce organizations’ risk and optimize capabilities and should be given the same level of importance as financial performance,” Accenture said on establishing a value-based cyber protection strategy. 

“Conduct required trainings to upskill the team and, if needed, bring in managed security service providers,” it added on fostering a culture of cyber-savviness at all company levels. 

“The digital core should be built with security by design, and it should have secure access.” 

“Cyber risk assessment shouldn’t be limited to specific departments or functions,” it said on building cybersecurity ecosystems. “It should be an enterprise-wide exercise.” 

For continuous resilience beyond the organization, Accenture noted that collaborative relationships must be fostered to share threat intelligence and shape local and global policies.

“Build industry-leading security benchmarks and use tech to predict threats before it happens,” it added on embracing ongoing cyber-resilience to stay ahead of the curve. 

It reported a 16% higher incremental revenue growth, 21% more cost reduction improvements, and 19% healthier balance sheet improvements among cyber-resilient CEOs. 

The Accenture cyber-resilient CEO survey was conducted in June 2023 with the participation of 1,000 CEO respondents from 15 countries across 19 industries, with $1 billion or more of annual revenues in their own business. — Miguel Hanz L. Antivola

RELATED ARTICLESMORE FROM AUTHOR