Cybersecurity breaches are so commonplace in today’s IT world.  Chief Executive Officers (CEOs) and other C-level executives are paying more attention. They are strategizing within their organizations on how to handle potential cyber threats. After considering their findings, many high-ranking executives have decided to change their security initiatives, prioritizing cybersecurity over physical security, but that’s not all.

A new report titled, “Cyber and Physical Security: Perspectives from the C-Suite,” has revealed how high-level executives are approaching security measures for their businesses. This report was conducted by the Center for Cyber and Homeland Security (CCHS), in partnership with the International Security Management Association (ISMA). Many of the companies studied in the report are made up of more than 1,000 employees.

The researchers collected a total of 136 responses from CEOs, chief information security officers (CISOs) and chief security officers (CSOs) from three organizations including ISMA, World 50 and Edison Electric Institute (EEI), plus five industries including banking/financial, manufacturing/fabricated goods, utilities, retail, along with communications and telecommunications.

CEOs now prioritize cybersecurity over physical security

Like many others in today’s business climate, CEOs are aware of the potential dangers of cyberattacks affecting businesses small and large, especially after the number of incidents last year.

Even though the numbers in 2017 were higher, there were more than 6,500 publicly disclosed breaches in 2018.  These breaches resulted in the exposure of five billion records, according to a data breach report published by security intelligence vendor Risk Based Security (RBS). While these numbers aren’t as high as the year prior, they’re not low enough to ignore, so CEOs are acting in response.

Many of the CEOs surveyed in “Cyber and Physical Security: Perspectives from the C-Suite” (86 percent) prioritized cybersecurity over physical security in several of metrics, including the level of importance, budget, personnel allocation, and overall strategy.

While there wasn’t a single reason why these CEOs had adjusted their business strategies over the past several years, there was ultimately one factor for all the executives. Seventy-five percent of the CEOs cited “findings of internal risk assessment” as the top driver for the dedicated focus on cybersecurity initiatives, according to the report.

To protect themselves from the ever-growing threat landscape, all the study’s CEOs noted an expected increase in budgets to help with tackling up-and-coming cybersecurity initiatives. Even with this growing interest and confidence in cybersecurity, physical security remained a concern for 50 percent of respondents. According to the analysts, this means the CEOs surveyed are taking a holistic view of security. They are also encouraging CSOs and CISOs to do the same.

Next on the list: Strategic priorities for CSOs and CISOs

While CEOs surveyed placed cybersecurity, protecting physical assets, and personnel security (e.g., insider threats) on the top initiatives list for their CSOs, their CISOs are the ones getting most of the attention.

 All CEO respondents indicated they meet more frequently with their CISOs than CSOs, mainly because of the following: When it comes to security — whether it be cybersecurity or physical security — in today’s ever-evolving threat landscapes, CISOs play an active and critical role.

For example, due to cyberattacks becoming a growing concern for businesses worldwide, many CISOs are now taking on additional responsibilities. These responsibilities include making cybersecurity presentations, bringing in outside cybersecurity experts, developing new employee training on cyber threats and risk, and more, to ensure the organizations they’re working for are fully equipped to handle threats.

According to CISO respondents, senior leadership prioritizes cybersecurity over physical security due to the rise in cybersecurity incidents.

As CEOs and other high-ranking officials invest more in cybersecurity initiatives, the demand for outside expertise increases. By collaborating with IT security professionals, CEOs, CSO, and CISOs can better protect their organizations from the growing number of internal and external threats affecting the systems of today’s businesses.