Part 2: Existential cyber threat

Existential cyber threat

With ransomware attacks and high-profile data breaches dominating the headlines, C-level executives are increasingly concerned about the threat posed by cyber crime.

Our research revealed that nearly one third (28%) of executives cited cyber security as their top concern, making it the board’s highest tech priority. Generative AI is substantially behind at just 14%, followed by sustainability on 8%. Other areas cited of key importance were improving remote working and using big data to cut costs.

Leaders from organizations of 250-500 people saw cyber as their biggest technology threat (32%) while the lowest proportion of leaders citing cyber as their main concern came in businesses of over 500 employees (23%).

Tech leaders were especially worried about cyber with 30% claiming it as their top concern, compared with 25% of non-tech leaders. However, CEOs appear to be closely aligned with their tech teams when it comes to the existential cyber threat, with just under 30% identifying cyber as their biggest concern.

This suggests a significant portion of mid-sized companies are well aware of the security threat, but perhaps don’t yet have the infrastructure or talent in place to fully address it, while larger organizations are feeling like it is an area they are more in control of.

Although cyber was universally seen as the biggest threat, there were some regional disparities with executives in Germany placing significantly more emphasis on cyber as a threat (33%) compared to the US (23%). Cyber was perhaps unsurprisingly, also the top area that executives are most interested in knowing more about as they seek to stay on top of global cyber threats to protect their business. Overall, 47% said cyber was the area they were most interested in learning more about in terms of its business implications. Tech leaders (48%) were broadly aligned with non-tech leaders (46%) on the importance of cyber security. However, CEOs, who are at the sharp end of responsibility for major breaches, were the keenest to know more about cyber security (56%).

Unsurprisingly, the majority of organizations have their technology team responsible for their cyber security function, with almost all having at least a dedicated team to handle it, although 2% admitted that no-one in particular oversees cyber despite it broadly being considered the boardroom’s top priority. When asked what their biggest talent pain points were, cyber security once again topped the list at 39%, followed by software development on 22%, cloud architecture at 20%, data analytics on 19% and AI on just 19%. Chief technology officers were the most in need of cyber talent with 46% labelling it their biggest staffing challenge. For our focus group, data analytics jumped to the top for biggest talent pain points, with architecture and digital transformation also priorities for recruitment.

There were some interesting disparities between the responses from different members of the board, depending on their responsibilities. While 43% of tech leaders saw cyber as their biggest talent pain point, only 29% of chief people officers (CPOs) felt the same.

Similarly, non-tech leaders saw service delivery as a much bigger talent pain point, ranking it third, than tech leaders, who ranked it eleventh.

This would suggest there’s still work to do for tech leaders to have their agenda and priorities fully adopted across the business. Cyber was first place when it comes to 2024 investment priorities, with 30% of respondents saying it was the most important consideration for extra funding. The second biggest investment priority was generative AI (19%) followed by software development at 14%. Interestingly, the finance sector saw cyber as less of a tech challenge (it was selected by only 19%), which may reflect the fact that financial services organizations are further along their cyber journey and already have long established security teams and protocols in place.

What is your top priority when it comes to investment for your business's cyber security needs?

Cyber security tooling
Employee training and awareness
Recruitment
Professional services (managed services/outsourcing)

“To succeed, it’s crucial for business leaders, which includes C-tech leaders, to have clarity on their strategic outcomes so they can build a synchronized view on where and how technology can create value, whether through gen AI, digitization, digitalization, automation or augmentation.

The board needs a transparent view and an understanding of the risks from C-tech leaders to calibrate the investment and talent required to achieve their aims through technology. With this in mind, it is a positive step to see that 2/3 of C-tech leaders now report to the CEO, which will no doubt facilitate the necessary alignment of technology to the business strategy and the consensus on priorities.” 

Norma Dove Edwin, CDIO, Advisor and NED for HSBC Bank Plc and Pod-Point

What we're hearing…

“The threat posed by cyber risk continues to grow. The geopolitical landscape indicates that this trend is highly likely to continue, and it’s a very real and profound issue for many businesses to navigate, with the performance of cyber risk management being an increasing feature of what’s demanded of service providers. […] Ensuring that our products and services are inherently secure by design, with proactive monitoring and testing practices, is key to managing the risk posture for cyber.”

Andy Szabo, Managing Director, Correla SaaS

“Nowadays, in most if not all industries, cyber security has become the highest operational risk for any business. Most companies have raised their game in this area, and the boards have played a major role in driving this positive trend. Much more is needed, however, in regards to the indirect cyber exposure through the supply chain (or extended enterprise).”

Philippe Mazas, CIO, Mundipharma

“Cyber security emerges as a top concern across the boardroom, with a significant percentage of executives identifying it as their top priority. This reflects the growing awareness of digital threats and the need for robust security measures to protect sensitive data and maintain trust in digital systems. The high interest in learning more about cyber security among board members further emphasises its criticality in the corporate agenda.”