3 ways CEOs can build or enhance their cybersecurity

Make no mistake: There is no greater threat to business than a cyberattack. Despite headlines igniting fears that artificial intelligence could displace jobs or even entire industries, cyberattacks remain the foremost risk for business leaders, whether small, midsize, or large. As AI becomes mainstream and technology advances, the threat of a cyberattack increases significantly.

Cyberattacks result in millions of dollars lost, not to mention immeasurable and often far-reaching impacts on operations, business confidence, and customer trust, among other critical metrics. As of 2024, the average nominal cost of a data breach in the U.S. is a whopping $4.88 million.

Alarmingly, our CEO Confidence Index survey data has shown a steady rise in the number of small and midsize businesses impacted by cyberattacks and incidents. As of December 2024, 5% of CEO survey respondents reported having an incident that resulted in lost or compromised data, an increase from 4% the year prior.

Meanwhile, one in five (20%) said they’d had an incident that did not result in lost or compromised data, and nearly one in three (27%) said a customer or supplier had experienced a cyber-related incident.

The good news? We’re also seeing a notable increase in cyber preparedness. Nearly 6 in 10 (58%) of CEOs reported having an up-to-date strategy they review at least annually, up significantly from 38% in 2017.

Still, 17% of CEOs report having an outdated strategy, 16% don’t have a plan, and 9% are working on a plan but don’t currently have one in place. That means 42% of small or midsize businesses are exposed and at high risk of a cyberattack.

In today’s world, an up-to-date cybersecurity strategy is no longer optional or even a best practice; it is required to ensure the safety of the business and its customers. Even for the 95% of business leaders who have not experienced a massive attack that resulted in lost or compromised data, the rapidly evolving sophistication of technology and extensive potential costs at stake are unignorable.

Whether a business leader is starting from scratch or simply looking to improve their current strategy, the following are three critical yet overlooked considerations for every CEO:

1. Have a response plan

No CEO can risk thinking a cyberattack will never happen to them or their business. Beyond having a regularly updated proactive strategy to prevent and defend against bad actors, every leader must also have plans for various worst-case scenarios. How would we reply to specific requests from hackers? Do we have backups in place if our tech were to go down? How will we communicate breaches internally and externally? These are just a few examples of the countless questions CEOs should ask themselves when creating a response plan.

2. Know your third-party vendors

CEOs must work closely with their IT teams to identify and audit all third-party service providers, platforms, apps, software, and digital tools employees interact with. Research has shown third-party cyber breaches are 40% more expensive to businesses than internal breaches, meaning no business can afford to blindly give their third-party vendors the benefit of the doubt.

3. Train every employee

Without a doubt, humans remain the weakest link in cybersecurity, and hackers are well aware employees are often the simplest way in. With the advent of generative AI, it is easier than ever for hackers to trick employees into falling for detrimental phishing hacks and scams. Hackers can use convincing deepfake audio and videos to sway employees into disclosing sensitive information. Every employee must be well-versed and literate in cybersecurity, from the receptionist to the CEO.

Not only should everyone be trained to be wary of phone calls and emails, but they should also know the best next steps for reporting up the chain when they feel a bad actor may have targeted them. Regular training programs coupled with consistent internal communications that aim to increase employee awareness are critical to removing the unpredictable nature associated with humans and cybersecurity.

It is more important than ever that CEOs take action to prepare, protect, and defend their business’s cybersecurity. With technology evolving at the speed of light, CEOs bear a growing responsibility to shore up their security measures and prevent their business from what could potentially be a multimillion-dollar disaster.
This story first appeared in Inc.

Related Resources

CEO confidence surges, indicating growth in 2025 [Q4 Vistage CEO Index]

Technology trends for 2024 and beyond

0 views