Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

A new survey suggests that disruption, share price drops, and theft are common consequences of attacks.

A new survey suggests the majority of US executives have encountered a cybersecurity incident, but this has not translated into the creation of incident response plans.

On Tuesday, Deloitte published the results of a new survey, conducted between June 6 and August 24, 2021, which includes the responses of 577 C-suite executives worldwide (159 in the US) on today's cybersecurity threats.

The research -- including insight from those in CEO, CISO, and other leadership roles -- suggests that nearly all US executives, 98%, have come across at least one cybersecurity event over the past year, in comparison to 84% internationally.

The COVID-19 pandemic has led to an increase in cybersecurity incidents and it appears that the event rate may disproportionately have impacted organizations in the United States. 

According to Deloitte's research, 86% of US executives have noticed an uptick in attack attempts, a higher climb than that experienced by 63% of leadership worldwide. 

Despite the ongoing risk of cyberattacks, US enterprise firms are not up to par when it comes to implementing defense and incident response initiatives. In total, 14% of US executives have no such plans, in comparison to 6% of non-US executives. 

Problems including data management issues, infrastructure complexities, failures to keep up with technological advances, and missteps in prioritizing cybersecurity are all cited as challenges in coming up with workable cybersecurity plans. 

Over 2021, incidents including the Microsoft Exchange Server hacking wave, the ransomware incidents at JBS and Colonial Pipeline, and the DDoS attack against KT have highlighted the severe business disruption caused by successful attacks. 

Of interest is that rather than malware, phishing, or data breaches being a top concern, 27% of executives said they were most worried about the actions of "well-meaning" employees who may inadvertently create avenues for attackers to exploit. 

However, only 41% of organizations say they have implemented solutions to track and monitor the risk factors associated with staff access and behavior. 

The research suggests that the common consequences experienced by today's firms after an incident include disruption (28%), a drop in share value (24%), intellectual property theft (22%), and damage to reputation that prompts a loss in customer trust (22%). 

In addition, in 23% of cases, a cyberattack can lead to a change in leadership roles.

"No CISO or CSO ever wants to tell organizational stakeholders that efforts to manage cyber risk aren't keeping up with the speed of digital transformations made, or bad actors' improving tactics," commented Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal. "Aggressive organizational digital transformations and continued remote work for some seem to be shining more of a spotlight on the human side of cyber events -- both the cyber talent gap and the potential risk well-meaning employees can pose. We see leading organizations turning to advanced technologies to help bridge those gaps."
