TEST to main content First level navigation Menu
Laptop on office desk at night.

Is the C-suite ignoring IT security risks?


More than 90 percent of Fortune 500 companies have been victims of cybercrimes. 

Cases of security leaks and hacks hit the headlines nearly every day. A recent Accenture report1, Business Resilience in the Face of Cyber Risk, found two-thirds of the executives polled admitted they “experience significant attacks that test the resilience of their IT systems on a daily or weekly basis.”

And yet, cybersecurity often takes a back seat in the C-suite and the boardroom. PwC’s Global State of Information Security Survey 20152 found that 58 percent of CEOs and board members have no role in the deployment of cyber security measures or the protection of their organization’s digital assets.

Considering the billions of dollars that hacking has already cost companies, not to mention the blows to the confidence and trust of their customers, cybersecurity isn’t something to delegate solely to IT. It must be a core priority in the C-suite, especially at the CEO and board level. The risks of not paying attention aren’t just potentially damaging, they could be deadly for your brand. 

A lot of information gets trapped between departmental silos, miscommunication and inconsistent security measures.

Customers are more security conscious than ever

As cases of cyber-attacks keep coming, customers are more concerned about the security of their personal information than ever. Don’t be surprised if potential customers start asking whether you have a strong cybersecurity plan in place to ensure that their personal data is kept safe. In fact, security is now one of the most critical factors for winning contracts. Clearly, the C-suite needs to get involved in the cybersecurity game, and get involved quick. 

Cybersecurity is not just IT’s problem

Data security has long been thought of as strictly an IT responsibility. This is no longer the case: Cyber threats can bring large-scale repercussions to corporations in any industry, and the damage that occurs won’t just on the financial or public relations front. Cyber threats can impact long-term growth, and affect employee morale.

Many companies — if they didn’t already have a digital presence from the day they launched — are going through a digital transformation, too. Enterprise mobility, remote workers, cloud-based business operations, and even bring-your-own-device (BYOD) practices bring significant benefits, but can also leave an organization vulnerable to a whole range of cybersecurity issues.

Speaking to Accenture’s report, Brian Walker, managing director of Accenture Technology Strategy, says the big question for organizations is not if, but when a cyber-attack will happen. “[Companies] cannot prevent an attack or failure, but they can mitigate the damage it can cause by taking steps to make their business more resilient, agile and fault-tolerant,” he said.

There’s no magic bullet to help organizations block digital breaches; every organization needs to find its own solution. This is why it’s necessary for a CEO to raise the priority of cybersecurity not just with the CIO, but across the C-suite and the board — in fact, across the entire company. A lot of information gets trapped between departmental silos, miscommunication and inconsistent security measures included. Leaders must work together to break down these silos and create damage-prevention strategies that flow seamlessly from one department to the other. 

For example, successfully responding to a cyber-attack may depend on:

  • How quickly your chief human resources officer can scale your workforce to respond to customer concerns and any damage to customer data and intellectual property.
  • How efficiently your chief financial officer manages any issues stemming from non-compliance with legislative requirements, in order to lessen the financial burden.
  • How well the chief marketing officer responds to minimize the impact on the brand’s image following the attack.


A successful cybersecurity strategy can only begin when an organization’s leaders are educated about all the potential risks. As the person at the helm of an organization, the CEO needs to take it upon him or herself to get other C-suite members involved.

Cyber security requires combined effort 

A successful cybersecurity strategy can only begin when an organization’s leaders are educated about all the potential risks. 
1 Source: Roger Ostvold and Brian Walker. "Business resilience in the face of cyber risk." Accenture Strategy. https://www.accenture.com/us-en/insight-protect-from-cyber-risk-with-business-resilience 
2 Source: Kevin Wright. "Is your CEO ignoring their cyber security responsibilities?" Global State of Information Security Survey 2015. PwC.June 26, 2015. http://www.itgovernance.co.uk/blog/is-your-ceo-ignoring-their-cyber-security-responsibilities/