Data Reveals CEOs Neglecting Cybersecurity Amid Rising Threats
As Cybersecurity Awareness Month draws attention to the growing importance of digital security, new research reveals that cybersecurity is being neglected by UK CEOs, posing significant risks to businesses.
A survey conducted by compliance training provider Skillcast found that only 6% of CEOs list cybersecurity as a top priority, ranking it ninth out of twelve major regulatory concerns. Despite the increasing frequency of cyberattacks and data breaches, many CEOs continue to focus on areas such as customer satisfaction and revenue growth, leaving critical vulnerabilities unaddressed.
Another report commissioned by Skillcast also shows that senior-level employees are three times less likely to report compromised passwords or suspicious IP addresses compared to entry-level staff, exacerbating cybersecurity risks within organisations. Reporting from senior management level is crucial to mitigate risks as it not only allows organisation’s to make swift decision-making but embeds a culture of proactive security.
Additionally, nearly half of UK workers (48%) would not immediately report a phishing email, with 41% delaying the reporting of compromised work passwords.
Younger CEOs (18-24 years) prioritise anti-bribery regulations, with 43% listing it among their top three concerns, while older CEOs (55-64 years) show more focus on cybersecurity and tax compliance.
While customer satisfaction (21.4%) and revenue growth (18.4%) top the list of business priorities, compliance and risk management, including cybersecurity, are deprioritised, with only 4% of CEOs ranking it as their top concern.
Despite rising cyber threats, senior employees, who often have access to sensitive data, are significantly less likely to report cyber incidents such as phishing emails or suspicious IP addresses. This reluctance to report security threats—particularly among higher-ranking staff—leaves businesses exposed to preventable breaches, further compounding the risks posed by the lack of focus on cybersecurity among leadership.
Vivek Dodd, CEO of Skillcast, comments on the findings: “The data reveals a dangerous gap between the perception of cybersecurity risks and the actions being taken to mitigate them."
"Senior employees, not reporting cybersecurity threats, can leave companies particularly vulnerable to serious breaches. With cyberattacks becoming more sophisticated and regulatory scrutiny tightening, businesses cannot afford to ignore this area.”
“Cybersecurity needs to be embedded into every level of an organisation’s culture, from entry-level employees to senior leadership. During Cybersecurity Awareness Month, it’s critical to recognise that training and reporting mechanisms must be in place to ensure potential threats are identified and mitigated quickly. Every employee must be empowered to act as the first line of defence.”
In light of these findings, experts are urging businesses to prioritise cybersecurity training and reporting processes, particularly for senior staff who hold access to sensitive systems and data.
As regulatory oversight intensifies, companies that fail to adequately address cybersecurity may face legal, financial, and reputational repercussions.
Ensuring comprehensive cybersecurity awareness and preparedness across all levels of an organisation is crucial to protecting against evolving threats.
0