Cyber security breaches ‘taking a toll’ on senior leaders, report reveals
A significant proportion of executives and directors have faced fines or other consequences as a result of cyber security breaches in the past year, according to a survey.
The cyber security stakes are becoming high for corporate leaders, with a greater proportion of directors and executives being hit with fines or even jail time in relation to breaches, according to the 2024 Cybersecurity Skills Gap report.
Over half of respondents surveyed by Fortinet for the research report stated that directors or executives at their organisation had faced fines, jail time or loss of employment following a cyber attack.
The report found that Asia-Pacific leaders were most likely to face penalties, with 58 per cent of respondents in this region saying that executives had faced significant consequences or fines due to cyber attacks.
The report also revealed how widespread cyber security breaches have become with 87 per cent of organisations stating they had experienced one or more breaches in 2023.
More than half of respondents reported losing over $1 million in lost revenue, fines and other expenses.
"Given the high stakes, it’s not surprising that nearly three-quarters (72 per cent) of respondents say their boards were more focused on cybersecurity in 2023 than in the previous year," the report said.
"Improvements discussed or implemented by boards include mandatory cybersecurity training or certifications for IT and security personnel (64 per cent); security awareness training for all employees (61 per cent); and the purchasing of new, more, or better security solutions (59 per cent)."
The top five most commonly experienced attacks continued to be the same as in previous years, with malware the most prominent type of attack.
Malware, phishing attacks, web attacks, password attacks and Trojan horses were the five most common attack types.
The report also found that recovery from an attack can be time-consuming, with respondents taking 2.7 months on average to recover from an attack.
Given the intensification and mounting consequences of attacks, most respondents said they expect things to get worse before they get better.
Around eight in ten said they expect cyber attacks to increase over the next year.
When asked how much they thought attacks would increase, on average, respondents say they expect an increase of 19.3 per cent in the next 12 months. This is roughly on par with 2022, when the average was 20 per cent.
John Maddison, chief marketing officer, Fortinet, said the results from the report highlight the critical need for a "collaborative, multi-faceted approach to closing the skills gap".
"To effectively mitigate risk and combat today’s complex threats, organisations must employ a strategic combination of leveraging the right security technology, upskilling existing security professionals through training and certifications, and fostering a cyber-aware workforce," said Maddison.