Business man

CISOs, C-suite remain at odds over corporate cyber resilience

PwC report highlights rifts at boardroom level
Pro
Image: energepic.com via Pexels

8 October 2024

Significant gaps exist between perceptions of cyber resilience among top security executives and C-suite leadership, according to a report by PwC.

More than two-thirds of technology leaders see cybersecurity as their top risk for mitigation, compared with only 48% for business leaders, according to the 2025 Global Digital Trust Insights report. The research is based on a survey of more than 4,000 business and technology executives across 77 countries. 

Less than half of executives said their CISOs were heavily involved in strategic planning, reporting to the board and overseeing technology deployment. In addition, there is a gap between CISOs and top C-suite executives over the company’s ability to comply with regulations, particularly those involving AI and critical infrastructure.

 

advertisement



 

The research highlights a troubling gap between security executives and the C-suite at a time when the security industry has been pushing businesses to embrace cyber risk as a core business risk. 

“This gap can be concerning because it indicates that security and IT executives, who are more attuned to the day-to-day operational difficulties and potential vulnerabilities, may not be effectively communicating these risks to the leadership team – or may not have the opportunity to do so,” Matt Gorham, leader of PwC’s Cyber & Privacy Innovation Institute, said via e-mail. 

The report indicates a misalignment between IT security leaders and the C-suite on their perceptions of cyber risk, as well as the top priorities necessary to address these issues.

According to the report, cloud security is the top investment priority for tech leaders, followed by data protection and trust. In contrast, nearly half of business executives in the study said that data protection is their top business priority, followed by tech modernisation.  

More than a year has passed since the US’ Securities and Exchange Commission voted to adopt rules requiring businesses to disclose material cyber incidents to investors. Those rules also require companies to disclose cyber strategies and risks. 

Prior studies show that while CISOs have gained more access to the C-suite and corporate boards, the various stakeholders have competing sets of priorities. 

A report released in May from Trend Micro shows that CISOs have felt pressure from corporate boards to downplay the severity of cyber risk facing their organizations. 

Cybersecurity Dive

Read More:


Back to Top ↑

TechCentral.ie