Enterprises under growing pressure to demonstrate readiness for cyber threats
A new study commissioned by Immersive Labs shows 96 percent of cyber leaders believe effectively communicating cyber-readiness to senior leadership and boards will be crucial in 2025, driven by regulatory compliance requirements and an increase in attacks.
The survey conducted by Sapio Research reveals that 49 percent of those surveyed report having experienced a cyberattack in the past year.
In order to to better prepare their people for threats, 94 percent of respondents have deployed cyber drills, or plan to, within the next three years. 44 percent of decision-makers report that hands-on exercising is among the most effective methods when it comes to preparing for threats.
"Executives are much more attuned to cyber threats, cyber risk," says Dan Potter, senior director of operational resilience at Immersive. "They're becoming a lot more savvy around this topic. They're becoming a much more attuned to the fact that resilience is about being able to respond to a disruptive event. My personal view would be there's lots of disruptions in the business environment today that might not be down to cyber. They're having to deal with them all the time, whether that's inflation pressures or supply chain challenges. I think there's growing recognition that cyber is a particular challenge that leadership needs to be ready for, and they need to have confidence in the investments that they're making in protecting their organization -- through the security team, through their technology infrastructure, through their supply chain -- to have the capabilities in place."
The most significant risks are seen as software and cloud vulnerabilities (51 percent) and ransomware attacks (46 percent), followed by GenAI threats and phishing, both at 44 percent.
However, 76 percent of cyber leaders say they face barriers to cyber-readiness, with the biggest roadblock being prioritization of other business objectives that give demonstrable ROI (31 percent). Interestingly, despite these barriers, senior leadership isn't one of them. Organizations report that board-level and senior leadership's understanding of cyber-readiness is high, with 55 percent reporting that their leaders are cyber-savvy.
"I think leaders across organizations are becoming more aware of this challenge," adds Potter. "I think they need to understand cyber risk, but they don't need to understand cyber in a huge technical way. They just need to know they've got the right people with the right skills, but in depth across the organization."
You can read more on the Immersive blog.
Image credit: Napong Rattanaraktiya/Dreamstime.com