Skip to main content
close search
site logo
Dive Brief

CISOs, C-suite remain at odds over corporate cyber resilience

More than a year after the SEC revamped cyber disclosure rules, security and IT executives still struggle to articulate enterprise risk strategies.

Published Oct. 8, 2024
David Jones's headshot
Reporter
Concept of technological development of innovation the use of computers in business
Natali_Mis via Getty Images

First published on

Cybersecurity Dive
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Significant gaps exist between perceptions of cyber resilience among top security executives and C-suite leadership, according to a report published last week by PwC.
  • More than two-thirds of technology leaders see cybersecurity as their top risk for mitigation, compared with only 48% for business leaders, according to the 2025 Global Digital Trust Insights report. The research is based on a survey of more than 4,000 business and technology executives across 77 countries. 
  • Less than half of executives said their CISOs were heavily involved in strategic planning, reporting to the board and overseeing technology deployment. In addition, there is a gap between CISOs and top C-suite executives over the company’s ability to comply with regulations, particularly those involving AI and critical infrastructure.

Dive Insight:

The research highlights a troubling gap between security executives and the C-suite at a time when the security industry has been pushing businesses to embrace cyber risk as a core business risk. 

“This gap can be concerning because it indicates that security and IT executives, who are more attuned to the day-to-day operational difficulties and potential vulnerabilities, may not be effectively communicating these risks to the leadership team—or may not have the opportunity to do so,” Matt Gorham, leader of PwC’s Cyber & Privacy Innovation Institute, said via email. 

The report indicates a misalignment between IT security leaders and the C-suite on their perceptions of cyber risk, as well as the top priorities necessary to address these issues.

According to the report, cloud security is the top investment priority for tech leaders, followed by data protection and trust. In contrast, nearly half of business executives in the study said that data protection is their top business priority, followed by tech modernization.  

More than a year has passed since the Securities and Exchange Commission voted to adopt rules requiring businesses to disclose material cyber incidents to investors. Those rules also require companies to disclose cyber strategies and risks. 

Prior studies show that while CISOs have gained more access to the C-suite and corporate boards, the various stakeholders have competing sets of priorities. 

A report released in May from Trend Micro shows that CISOs have felt pressure from corporate boards to downplay the severity of cyber risk facing their organizations. 

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell