Accenture: The Evolving Role of CEOs in Mitigating Cybersecurity Threats

In 2023, a complex, fragmented global geopolitical backdrop prompted a boost in the cybersecurity economy.

It was propelled by the persistent threat of cyberattacks and a unanimous imperative to meet data-governance standards. This opened the divide between cyber-resilient businesses and those struggling to keep pace. This disparity was primarily driven by macro-economic trends and businesses’ varying capabilities in the adoption of transformative technologies.

The global cost of online criminal acts is expected to surge to $23.84tn by 2027. As it becomes a critical concern across the Middle East, the UAE and Saudi Arabia are investing heavily in infrastructure to combat threats. The UAE thwarted more than 50,000 daily cyberattacks in 2023 — and the country’s National Cybersecurity Strategy aims to upskill 40,000 professionals across all sectors. Saudi Arabia ranked second in the Global Cybersecurity Index in 2023.

Chief executives across the region are increasingly aware of how the global economy needs protection. As cyberthreats evolve in complexity and scale, it has become critical for CEOs to safeguard their organisations.

In 2023, Accenture’s survey of 1,000 CEOs across 15 countries — representing 19 industries and organizations with revenues exceeding $1bn — provides insights into how CEOs navigate the challenges.

Chief executives today are acutely aware of the potential threats, identifying cybersecurity as a key business enabler. This sentiment is higher in the UAE (98 percent) and Saudi Arabia (100 percent) than in other countries. But only 33 percent of global CEOs expressed a deep knowledge of evolving cyberthreats. This figure drops to 23 percent in the UAE and 30 percent in Saudi Arabia, indicating a substantial gap between perception and understanding.

The survey identified several disruptive forces. Tech innovation tops the list, with 52 percent of CEOs ranking it as the highest risk. Emerging technologies such as generative and quantum computing are viewed as highly relevant by 86 percent of CEOs.

Supply chain disruptions also pose a significant risk, with 51 percent of CEOs ranking it the second-highest external threat. Environmental vulnerabilities are of concern, with 90 percent of respondents acknowledging the link between fluctuations and cyber-risk.

Despite recognising the importance of cybersecurity, many CEOs adopt a reactive rather than proactive approach. Sixty percent admit that cybersecurity is not integrated into business strategies, services, or products. In the UAE and Saudi Arabia, this figure is 55 percent and 57 percent, respectively. And 44 percent of CEOs view cybersecurity as an episodic, technical issue rather than an ongoing strategic concern — with just 11 percent in the UAE and 37 percent in Saudi Arabia sharing this view.

A reactive mindset results in greater risks and higher costs. Fifty-four percent of CEOs believe that the cost of implementing cybersecurity measures is higher than that of an attack, with significant variations across regions (31 percent in the UAE and 44 percent in Saudi Arabia). This perception underscores the need for a strategic shift.

Compliance drives the cybersecurity strategy for 95 percent of CEOs. While this compliance-driven approach is necessary, it is insufficient to achieve effective protection and resilience.

Amid these challenges, a small group of CEOs — five percent of respondents — stand out as leaders. These valiant few detect, contain, and remediate threats, with breach costs lower than their counterparts. They adopt a holistic view, considering sustainability, talent, technology innovation, and customer engagement.

Cyber-resilient CEOs consistently surpass their counterparts in generating value. Analysis identifies five key actions that leaders consistently take:

1. Embed cyber resilience into business strategies
Cyber-resilient CEOs outperform laggards by 41 percent. To use cybersecurity as a strategic enabler, senior executives consistently link cyber performance to executive outcomes, reducing organisational complexity.

2. Establish shared cybersecurity accountability
Cybersecurity-focused leaders foster a culture of shared accountability. They nurture security talent, and adopt cybersecurity-as-a-service (CaaS) models.

3. Bolster the fundamental elements
Outperforming others by 27 percent, cyber-resilient CEOs prioritise security via a multifaceted approach throughout the lifecycle of a project, from design to deployment and beyond, championing a zero-trust approach.

4. Expand cyber resilience beyond the business
Collaboration with strategic partners and regulators is a key tactic to effectively mitigate potential threats and enhance organisational resilience by strengthening stakeholder relationships.

5. Enable continuous resilience
By adopting ongoing cyber resilience practices, CEOs outperformed others by 39 percent. This approach includes constantly redefining risk profiles and proactively seeking independent reviews. Cyber-resilient leaders harness AI technologies with the UAE National Strategy for a focus on cybersecurity. The strategy also focuses on integrating AI into protection strategies

The research emphasises the critical role that CEOs have to play. As cyberthreats evolve, confident and knowledgeable senior executives will be critical to reducing the cyber-resilience gap.