Part 2: Existential cyber threat
With ransomware attacks and high-profile data breaches dominating the headlines, C-level executives are increasingly concerned about the threat posed by cyber crime.
Our research revealed that nearly one third (28%) of executives cited cyber security as their top concern, making it the board’s highest tech priority. Generative AI is substantially behind at just 14%, followed by sustainability on 8%. Other areas cited of key importance were improving remote working and using big data to cut costs.
Tech leaders were especially worried about cyber with 30% claiming it as their top concern, compared with 25% of non-tech leaders. However, CEOs appear to be closely aligned with their tech teams when it comes to the existential cyber threat, with just under 30% identifying cyber as their biggest concern.
This suggests a significant portion of mid-sized companies are well aware of the security threat, but perhaps don’t yet have the infrastructure or talent in place to fully address it, while larger organisations are feeling like it is an area they are more in control of.
Although cyber was universally seen as the biggest threat, there were some regional disparities with executives in Germany placing significantly more emphasis on cyber as a threat (33%) compared to the US (23%).
Cyber was perhaps unsurprisingly, also the top area that executives are most interested in knowing more about as they seek to stay on top of global cyber threats to protect their business. Overall, 47% said cyber was the area they were most interested in learning more about in terms of its business implications. Tech leaders (48%) were broadly aligned with non-tech leaders (46%) on the importance of cyber security. However, CEOs, who are at the sharp end of responsibility for major breaches, were the keenest to know more about cyber security (56%).
Unsurprisingly, the majority of organisations have their technology team responsible for their cyber security function, with almost all having at least a dedicated team to handle it, although 2% admitted that no-one in particular oversees cyber despite it broadly being considered the boardroom’s top priority.
When asked what their biggest talent pain points were, cyber security once again topped the list at 39%, followed by software development on 22%, cloud architecture at 20%, data analytics on 19% and AI on just 19%. Chief technology officers were the most in need of cyber talent with 46% labelling it their biggest staffing challenge. For our focus group, data analytics jumped to the top for biggest talent pain points, with architecture and digital transformation also priorities for recruitment.
There were some interesting disparities between the responses from different members of the board, depending on their responsibilities. While 43% of tech leaders saw cyber as their biggest tech talent pain point, only 29% of chief people officers (CPOs) felt the same.
Similarly, non-tech leaders saw service delivery as a much bigger talent pain point, ranking it third, than tech leaders, who ranked it eleventh.
This would suggest there’s still work to do for tech leaders to have their agenda and priorities fully adopted across the business.
Cyber was first place when it comes to 2024 investment priorities, with 30% of respondents saying it was the most important consideration for extra funding. The second biggest investment priority was generative AI (19%) followed by software development at 14%.
Interestingly, the finance sector saw cyber as less of a tech challenge (it was selected by only 19%), which may reflect the fact that financial services organisations are further along their cyber journey and already have long established security teams and protocols in place.
Cyber security tooling
Employee training and awareness
Recruitment
Professional services (managed services/outsourcing)
“The threat posed by cyber risk continues to grow. The geopolitical landscape indicates that this trend is highly likely to continue, and it’s a very real and profound issue for many businesses to navigate, with the performance of cyber risk management being an increasing feature of what’s demanded of service providers. […] Ensuring that our products and services are inherently secure by design, with proactive monitoring and testing practices, is key to managing the risk posture for cyber.”
“Nowadays, in most if not all industries, cyber security has become the highest operational risk for any business. Most companies have raised their game in this area, and the boards have played a major role in driving this positive trend. Much more is needed, however, in regards to the indirect cyber exposure through the supply chain (or extended enterprise).”