Cybersecurity poses present and future challenges, report finds

Present and long-term concerns about cybersecurity are top of mind for C-suite executives around the world, a new report from global consulting firm Protiviti found. Cyber threats have climbed the ranks of the annual report's global risks, going from 15th place last year to third in 2024, and up from 13th to the top risk facing organisations 10 years out.

"The increasing use of technology to drive innovation and increased reliance on third parties create more opportunities for cyber vulnerabilities to be exposed," the report said, "particularly to nation-state and other threat actors determined to exploit these opportunities for geopolitical advantages and financial gain."

Protiviti and North Carolina State University's 12th annual report, Executive Perspectives on Top Risks, surveyed 1,143 directors and senior executives globally. The report details major themes and developments set to change the current risk landscape.

"While the economy is the top-ranked risk for this coming year, cyber threats arguably stand out as the most significant risk issue for boards and C-suite leaders when assessing both near- and long-term outlooks," the report said.

Many leaders view technology-related risks such as cybersecurity, data privacy, third-party reliance, and upskilling employees in emerging technologies as interconnected, the report explained. They say that exposure to any vulnerabilities in those areas "may lead to increased exposure to other risks".

Reputational, privacy, and safety worries loom over organisations, the report said. Business leaders are concerned about their organisation's ability to protect the information they collect, process, store, and manage from unintentional exposure.

These interconnected risks cannot be viewed in isolation, the report emphasised, as talent attraction sits in second place as one of the most immediate risks facing organisations today. For organisations, talent attraction and the ability to upskill existing employees is imperative to allow organisations to embrace emerging technologies.

"Navigating the rapid pace of these digital innovations and finding ways to leverage insights from the volumes of data organisations must evaluate are particularly concerning to executives as they think about their organisations a decade from now," the report said. "Those technology and innovation concerns cannot be separated from other risk concerns … related to the shortages of talent to manage the adoption of digital technologies, the dependence on legacy IT systems, and overarching cyber and privacy concerns."

The report offers five areas of consideration for organisations this year:

Focus on ransomware defences. Companies need to understand their resilience and ability to restore systems to not only become operational on a timely basis, the report said, but also to demonstrate that "any attack would not be a threat to their partners' environments".

Prioritise recruiting cybersecurity talent. Businesses need to consider their cybersecurity talent strategy, the report said. Many organisations are considering outsourcing services from other organisations to buy the talent they may not be able to hire on their own, the report said.

Be ready for generative artificial intelligence (Gen AI) threats. It is important for organisations to understand how bad actors are using these tools to create complex attacks, the report said. Organisations should think about how they can leverage Gen AI "to aid in identifying attacks and establishing more effective automated mitigation capabilities".

Assess regulation requirements. There is an increasing focus on additional regulations requiring cybersecurity breach disclosures and various privacy regulations intended to protect consumers and individuals, the report said. These evolving requirements are pushing organisations to establish new policies and controls to address any gaps that may exist.

Keep an eye on quantum computing. "The rise of quantum computing has the ability to render obsolete existing cryptography methods," the report said. "This is an area where organisations are starting to evaluate their strategy around encrypting data and establishing innovations to deploy quantum-resistant cryptography to secure against attacks."

— To comment on this article or to suggest an idea for another article, contact Steph Brown at Stephanie.Brown@aicpa-cima.com.