Most CEOs just don't think their businesses are ready to deal with cybercrime


Many Chief Executive Officers (CEOs) and Chief Information Security Officers (CISOs) don’t believe their organizations are prepared for today's cybersecurity landscape, new research has claimed.

Analyzing cybersecurity strategies and results of 1,200 large organizations in 16 countries, ThoughtLab’s latest report found almost a third (29%) of CEOs, and two in every five (40%) CISOs, are worried about what’s coming.

The reasons for worry are plenty: the rising complexity of supply chains, the speed at which digital innovation is happening, tight cybersecurity budgets, lack of understanding from other executives, emerging technologies, the convergence of digital and physical environments, talent shortages, and ineffective training.


Rising threats of ransomware

At 35%, critical infrastructure has the highest percentage of unprepared organizations, followed by healthcare, the public sector, telecoms, and aerospace and defense.

The survey’s respondents expect rising numbers of social engineering attacks and ransomware attacks against their endpoints in the next 24 months, saying nation-states and cybercriminals will become even more active than they are today. 

They expect the attacks to target mostly software misconfiguration (49%) and employees (40%), but also to exploit gaps due to poor maintenance and unknown assets.

ThoughtLab has also analyzed some of the best-performing companies when it comes to cybersecurity, and outlined some of their best practices. With that in mind, the report suggests organizations take cybersecurity maturity to the highest level; ensure adequate cybersecurity budgets (businesses reporting no material breaches last year spent an average of 12.8% of their IT budgets, or $4.7 million, on cybersecurity); build a rigorous risk-based approach; make cybersecurity people-centric; harness intelligent automation; improve security controls; and do more to measure performance.

Sead Fadilpašić
