CEOs are increasingly concerned about sophisticated cyber attacks on their own companies with nearly half modifying their own online behaviour.
According to the latest report by PwC, nearly half of UK CEOs (48.4 percent) have taken some action regarding their own personal digital behaviour, including deleting social media or virtual assistant apps or requesting a company to delete their data.
Four-in-five of respondents (80 percent) said they were concerned about the risk of cyberthreats to their business, making it the issue they are most worried about, above skills (79 percent) and the speed of technological change (75 percent).
The findings were part of a global survey of almost 1,600 CEOs from 83 countries across the world showing the problems shaping UK CEOs’ cyber security strategies. Among these were growing public concern over data privacy (57 percent), data privacy regulations (57 percent), vulnerabilities in supply chains (41 percent) and the shortage of cyber-security talent (27 percent).
"It's clear that cyber-crime continues to grow as an issue for CEOs around the world, meaning that for many, the threat to their margins, their brands and even their continued existence from cyber-attacks is no longer an abstract risk that can be ignored," said Richard Horne, cyber-security chair at PwC.
"Criminals are becoming more adept at monetising their breaches, with a sharp rise in ransomware attacks this last year. They can have a devastating impact on the organisations they hit, as seen in many high-profile cases."
Horne said that to counterbalance this, CEOs need to focus on how their business is configured - with the ability to be resilient to cyber-attacks becoming a core requirement.
“Cyber-security can no longer be seen as a 'bolt on', but rather something to be designed into the business and IT architecture,” he added.
Saryu Nayyar, CEO of Gurucul, told SC Media UK that the fact that CEOs are becoming more aware of the danger of cyber-attacks is encouraging. With the costs that data breaches have incurred – lost money, lost reputation, lost jobs – cyber-security is now a big enough issue to be elevated to the c-suite and the boardroom.
“It can no longer be ignored or relegated to second tier status or dropped into the laps of low level employees. Defining and implementing an effective cyber-security programme starts at the very top. The CEOs who recognise this will be rewarded by staying out of the data breach headlines,” she said.
Jake Moore, cyber-security specialist at ESET, told SC Media UK that deleting social media won’t stop a highly targeted attack on businesess, but it does reduce the risk and takes away a possible attack vector.
“Social media can be a great tool used by anyone- but if you are a famous celebrity, politician, or CEO of a well-known company, you naturally become more highly targeted and create a sort of honey pot to online attackers,” he said.
“They will try any way they can to enter a business, and social media is just another path on their list of entry points. Taking this out of the equation can be extremely helpful, especially if the person being targeted has used a password that they have used before, or if they have not set up two factor authentication.”