CEOs (should) play a critical role in achieving cyber resilience
While cybersecurity resilience falls under the accountability of Chief Information Officer, a company’s top executive – the Chief Executive Officer – also has an important role to play, writes Ahmed Etman, Managing Director and Cyber Security Lead at Accenture.
The global cost of online criminal acts is expected to surge to $23.84 trillion by 2027. As cybersecurity becomes a critical concern for organizations across the Middle East, the UAE and Saudi Arabia are investing heavily in cybersecurity infrastructure to combat threats.
The UAE thwarted more than 50,000 cyberattacks daily in 2023 and the country’s National Cybersecurity Strategy aims to upskill over 40,000 cybersecurity professionals across all sectors. Saudi Arabia has been recognized for its cybersecurity efforts, ranking second, globally, in the latest edition of the Global Cybersecurity Index.
Chief executives across the region are becoming increasingly aware of how the global economy remains insufficiently protected against cyberattacks and the significant threat they pose to businesses. As cyber threats evolve in complexity and scale, it has become critical for CEOs to safeguard their organizations.
A recent survey by Accenture, which surveyed 1,000 CEOs across 15 countries, representing 19 industries and organizations with revenues exceeding $1 billion, provides insights into how CEOs navigate pressing cybersecurity challenges.
The research indicates that CEOs today are acutely aware of the potential threats posed by cyberattacks, identifying cybersecurity as a key business enabler. This sentiment is even higher in the UAE (98%) and Saudi Arabia (100%) than in other countries surveyed. However, only 33% of global CEOs had deep knowledge of evolving cyber threats. This figure drops to 23% in the UAE and 30% in Saudi Arabia, indicating a substantial gap between perception and understanding.
The survey identified several disruptive forces that contribute to cyber vulnerabilities. Technology innovation tops the list, with 52% of CEOs ranking it as the highest risk for cyberattacks. Emerging technologies such as generative and quantum computing are viewed as highly relevant for cyber trust and resilience by 86% of CEOs, with the UAE and Saudi Arabia expressing concerns.
Supply chain disruptions also pose a significant risk, with 51% of CEOs ranking it the second highest external threat. Environmental vulnerabilities are another major concern, with 90% of CEOs acknowledging the link between fluctuations and cyber risks. Awareness is similarly high in the UAE and Saudi Arabia, at 89% and 90%, respectively.
The reactive CEO
Despite recognizing the importance of cybersecurity, many CEOs adopt a reactive rather than proactive approach. 60% of CEOs admit that cybersecurity is not integrated into business strategies, services, or products from the outset. In the UAE and Saudi Arabia, this figure is 55% and 57%, respectively.
Additionally, 44% of CEOs view cybersecurity as an episodic, technical issue rather than an ongoing strategic concern, with only 11% in the UAE and 37% in Saudi Arabia sharing this view.
A reactive mindset results in greater risks and higher costs. 54% percent of CEOs believe that the cost of implementing cybersecurity measures is higher than that associated with a cyberattack, with significant variations across regions (31% in the UAE and 44% in Saudi Arabia). This perception underscores the need for a strategic shift towards proactive cybersecurity measures.
Compliance drives the cybersecurity strategy for 95% of CEOs, with nearly unanimous agreement in the UAE (98%) and Saudi Arabia (100%). While this compliance-driven approach is necessary, it is insufficient to achieve cyber resilience.
Amid these challenges, a small group of CEOs – 5% of survey respondents – stand out as leaders in cybersecurity resilience. These cyber-resilient CEOs detect, contain, and remediate threats faster, with breach costs that are two to three times lower than their counterparts. They adopt a holistic view of cybersecurity, integrating it across sustainability, talent, technology innovation, and customer engagement.
The cyber-resilient CEO
Cyber-resilient CEOs confidently and effectively manage to reduce data breach costs, consistently surpassing their counterparts in generating value. Our analysis identifies five key actions that leaders consistently take:
1) Embed cyber resilience into business strategies
Accenture’s research revealed that cyber-resilient CEOs embed cybersecurity into their business strategies from the outset, outperforming cyber laggards by 41%. To utilize cybersecurity as a strategic enabler, senior executives consistently link cyber performance to executive outcomes, thus reducing organizational complexity.
2) Establish shared cybersecurity accountability
Cybersecurity-focused leaders foster a culture of shared accountability across the organization, outperforming others by 40%. They achieve this by instilling a cybersecurity-first culture, nurturing security talent, and adopting Cybersecurity-as-a-Service (CaaS) models.
3) Bolster the fundamental elements of digital infrastructure
Outperforming others by 27%, cyber-resilient CEOs prioritize securing their digital infrastructure through a multifaceted approach: integrating security measures throughout the entire lifecycle of a project, from the initial design phase to deployment and beyond, championing a zero-trust approach, and leveraging emerging technologies.
4) Expand cyber resilience beyond the business
Our survey found that collaboration with strategic partners and regulators, in addition to integrating cybersecurity with risk management, were key tactics adopted by cyber-resilient CEOs. These leaders effectively mitigate potential threats and enhance organizational resilience by strengthening stakeholder relationships and embedding security into the overall risk framework.
5) Enable continuous resilience
By adopting ongoing cyber resilience practices, CEOs outperformed others by 39%. This approach includes constantly redefining risk profiles and actively seeking independent reviews. Cyber-resilient leaders harness AI technologies for proactive threat protection, a key element considering the UAE National Strategy for Artificial Intelligence’s focus on cybersecurity as a strategic imperative . Saudi Arabia's National Cybersecurity Strategy also focuses on integrating AI to enhance the nation's protection strategies .
The research emphasizes the critical role of the CEO in achieving cyber resilience. As cyber threats continue to evolve, the need for senior executives who are confident and knowledgeable in cybersecurity will be critical to reducing the cyber-resilience gap both regionally and globally.