Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireSecurity Leadership and ManagementSecurity Education & TrainingCybersecurity News

14% of C-suite executives say organizations have no cyber threat defense plans

c-suite-security-freepik5674.jpg
October 27, 2021

Nearly all U.S. executives (98%) report that their organizations experienced at least one cyber event in the past year, compared to a slightly lower rate of 84% in non-U.S. executives, according to Deloitte’s 2021 Future of Cyber Survey. Further, COVID-19 pandemic disruption led to increased cyber threats to U.S. executives’ organizations (86%) at a considerably higher rate than non-U.S. executives experienced (63%). Yet, 14% of U.S. executives say their organizations have no cyber threat defense plans. A rate more than double that of non-U.S. executives (6%). 


As part of a global Deloitte Touche Tohmatsu Limited survey, 577 C-suite executives around the world — 159 from the U.S. — were polled online from June 6, 2021 to Aug. 24, 2021 about their organizations’ cybersecurity programs. Participating U.S. respondents held CEO (25%); chief information security officer, or CISO (23%); CFO (21%); CIO (15%); CMO (13%) or other c-suite positions (3%). U.S. respondents’ organizations had annual revenues of $500 million to less than $5 billion (37%), more than $5 billion to less than $30 billion (53%) or more than $30 billion (10%). A similar survey was conducted in the U.S. only in 2019.  


The biggest fallout U.S. execs report from cyber incidents or breaches at their organizations during the past year include operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of customer trust (22%).

Increases in data management, perimeter and complexities (38%), inability to match rapid technology changes (35%) and a need for better prioritization of cyber risk across the enterprise (31%) all pose obstacles to U.S. executives’ organization-wide cybersecurity management programs. 

 

“No CISO or CSO ever wants to tell organizational stakeholders that efforts to manage cyber risk aren’t keeping up with the speed of digital transformations made, or bad actors’ improving tactics,” said Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. “Aggressive organizational digital transformations and continued remote work for some seem to be shining more of a spotlight on the human side of cyber events — both the cyber talent gap and the potential risk well-meaning employees can pose. We see leading organizations turning to advanced technologies to help bridge those gaps.”

 

Addressing the cyber talent gap in an ever-changing market 

Competition for cyber talent remains fierce, particularly in the U.S., as 31% of U.S. executives say their organizations are often unable to recruit and retain cyber talent — a rate nearly twice what non-U.S. executives (16%) experience.  


“The cyber talent gap is a long-standing industry challenge. And, as the threat landscape and adversarial set diversifies, it’s driving the need for cybersecurity professionals to take more silo-breaking approaches to problem-solving that use a complement of both traditional, technical capabilities as well as less traditional, skill sets in areas like talent management, marketing data retention, and supply chain operations,” said Golden. “At Deloitte, for example, we’re investing in our existing cyber talent with constant learning and upskilling opportunities, while also recruiting and hiring — both traditional and non-traditional — professionals at all levels who are interested in helping our clients solve various cyber challenges.”

 

The unwitting enemy within is a top U.S. C-suite concern

Surprisingly, the cyber threat U.S. executives say they are most concerned about isn’t phishing, malware or ransomware (27%)— it’s unintended actions of well-meaning employees (28%). 


Yet, 15% of U.S. executives say their organizations have no way to detect or mitigate employee cyber risk indicators, and 44% say their organizations rely on leadership to monitor employee behaviors and cyber risk indicators. Just 41% say their organizations leverage automated behavior analytic tools to help detect potential risk indicators among employees. 


“While not always the headline-driver that illicit acts by nation-states or cybercriminals can be, human error introduces considerable risk to any organization,” continued Golden. “Emerging technologies — like advanced analytics, artificial intelligence and machine learning — can help identify and mitigate vulnerabilities that employees, vendors or others can unintentionally create in organizational systems. Further, proactive, tech-enabled cyber programs and adoption of Zero Trust frameworks can offer considerable support to risk management reaching far beyond security itself, nurturing trust between organizations, their employees, clients and other stakeholders.”


 Additional findings of note include:

  • Zero Trust adoption continues to gain momentum. The prioritization of Zero Trust by U.S. executives as they work to transform their organizations’ security capabilities is second only to cyber and technical resilience building. In contrast, Zero Trust is not near as high a priority (ranked No. 7) by non-U.S. respondents. Interestingly, the adoption of Zero Trust can help organizations bolster their cyber and technical resilience by applying a risk-based access control approach across identities, workloads, data, networks and devices. In short, Zero Trust adoption means embracing a “never trust, always verify” security posture across an organization.  
  • Balancing business needs with customer trust has room for improvement in the U.S. Data protection (53% U.S. executives; 43% non-U.S. executives), and data privacy (41% U.S. executives; 42% non-U.S. executives) are top-ranked security projects for executives globally. Despite the loss of customer trust resulting from a cyber event ranking high with 22% of U.S. executives and 16% non-U.S. executives, just 19% of U.S. execs say that their marketing organizations balance the need for customer data collection with engendering customer trust “very well,” compared to 60% of non-U.S. execs who say the same. 
  • Cyber is top of mind for U.S. CEOs and boards. U.S. executives share that their organizations see CISOs reporting direct to CEOs (42%), CTOs (19%) or CIOs (16%). And, nearly all (96%) report that cybersecurity is on the board’s agenda more than once per year — most frequently occurring quarterly (49%) or monthly (30%). Outside the U.S., execs are less likely to see CISOs reporting to CEOs (30%), and cyber appears on the board’s agenda more than annually by most non-U.S. executives (88%), if most frequently occurring quarterly (50%) or biannually (20%). When leaders make decisions on cybersecurity investments, U.S. executives are most likely to do so by leveraging risk quantification tools to discern ROI (45%), compared to non-U.S. executives who are most likely to use cyber maturity assessments to guide those decisions (42%).
  • Risk analysis and threat modeling for new and existing app security is conducted monthly by 59% of U.S. executives’ organizations, compared to just 36% of non-U.S. executives’ organizations. Further, DevSecOps has been adopted fully (43% of U.S. executives; 40% of non-U.S. executives) or partially adopted (49% of U.S. executives; 51% of non-U.S. executives) in most respondents’ organizations.
  • To address data destruction attacks that aim to disrupt business indefinitely, U.S. executives are most likely to turn to their organization’s disaster recovery (DR) and business continuity (BC) solutions to address such events (43%). Non-U.S. executives are most likely to rely on specific backup or DR solutions or BC plans for data destruction events.
  • Cloud environment visibility around workloads and applications protection was the top cloud security concern for all executives polled (34% U.S. executives; 27% non-U.S. executives). But, the groups diverged on secondary cloud security concerns as U.S. executives listed consistency of application changes (25%) second, compared to non-U.S. executives listing compliance (19%) as a second-ranked concern.
KEYWORDS: c-suite cyber security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber security executive

    87% of executives have no cybersecurity tools on personal devices

    See More
  • Strong Cybersecurity: The Critical Role of Lifecycle Management - Security Magazine

    C-Suite executives expect changes made in response to COVID-19 to become permanent

    See More
  • phishing freepik

    New spear phishing emails target C-suite executives, assistants & financial departments

    See More

Related Products

See More Products
  • threat and detection.jpg

    Surveillance and Threat Detection

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing