Cyber executives may not be sufficiently prioritizing threats from vulnerabilities within the value chain beyond the immediate boundaries of their own organizations, according to a new report.

The TCS Risk & Cybersecurity Study, published by the Tata Consultancy Services (TCS) Thought Leadership Institute, highlights cybersecurity issues facing senior business leaders across Europe and North America. The study is based on results of a survey of more than 600 chief information security officers (CISOs) and chief risk officers (CROs) from companies with at least $1 billion in annual revenue, across banking & financial services, utilities, media & information services and manufacturing.

When asked to rank where companies will see the greatest number of cyberattacks between now and 2025, security leaders listed ten cyberattack targets they aim to prioritize in the coming years:

  1. Finance
  2. User databases
  3. R&D
  4. Sales and e-commerce
  5. Marketing
  6. Manufacturing plants/production/procurement
  7. Legal
  8. Distribution/supply chain
  9. Digital ecosystem partners

The rankings revealed a higher level of risk awareness when it comes to internal threats, but a potential undervaluing of third-party cybersecurity risks.

Mapping out priorities between now and 2025, CISOs rank governance, strategy, and talent acquisition highly. Ranking highest is the prioritization of the security posture of the company and defining the controls and standards. Ranked second is establishing a more robust cybersecurity strategy, followed by investing in security talent acquisition and development.

For more information, click here.