C-Suite Divide on Cybersecurity Threatens Business Value

A recent study by Ernst & Young LLP (EY US) reveals a significant disconnect between Chief Information Security Officers (CISOs) and their C-suite counterparts regarding cybersecurity threats, preparedness, and investment priorities. The EY 2025 Cybersecurity Study, based on a survey of 800 U.S. C-level executives, found that 84% of organizations experienced a cybersecurity incident in the past three years. However, while two-thirds of CISOs believe that threats are more advanced than their current defenses, only 56% of other C-suite leaders share that concern. This misalignment extends to the sources of cyber incidents, with CISOs more likely to identify both external attackers and internal threats compared to other executives.

The financial impact of these incidents is also measurable. An EY analysis of Russell 3000 companies showed an average stock price drop of 1.5% within 90 days of a reported cyber incident. Despite growing investment in cybersecurity, expected to nearly double among organizations allocating over 10% of their IT budgets, differences in perception persist. Jim Guinn, II, EY Americas Cybersecurity Leader, stated, "It's time to take the bull by the horns and push for not just the resources but the authority for cyber leaders to build truly resilient organizations. The cost of inaction is simply too high." EY recommends strengthening the CISO’s strategic role, aligning cybersecurity with business goals, and promoting shared accountability to address the growing risks and improve resilience.
