.png?width=1816&height=566&name=brandmark-design%20(83).png "Tech Channels - IT News, Resources & Insights")
In boardrooms across America, there’s a dangerous illusion taking root. It's the belief that cybersecurity is under control — a department, a dashboard, a line item. But according to a sweeping new study by EY US, that belief is not only misguided — it may be materially weakening the companies that hold it.
When a single breach can cripple operations, tank stock prices, and vaporize customer trust in hours, you'd expect the executive suite to be aligned on cyber defense. Instead, EY’s latest research reveals something more unsettling: a fragmented leadership structure, where CISOs and CEOs inhabit parallel realities about risk, readiness, and response.
Most companies are still responding to yesterday’s problems. The study surveyed 800 U.S. executives, including 300 CISOs and 500 non-security C-suite leaders. It found that while 84% of respondents reported experiencing a cybersecurity incident in the past three years, how those incidents are perceived — and addressed — diverges dramatically depending on which executive you ask.
For example, 66% of CISOs feel that the threats they face are now more advanced than their defenses can handle. However, only 56% of their executive peers agree. That gap might seem small, but in the world of enterprise security, a 10-point trust deficit can spell millions in underinvestment or missed red flags.
Perhaps the most overlooked aspect of today’s cyber risk isn’t what's coming through the firewall — it’s who’s already inside.
CISOs report that nearly half (47%) of their organizations' incidents in the last three years stemmed from insider threats — employees who intentionally leaked or stole sensitive information. By contrast, only 31% of other C-suite leaders recognized this internal threat as a major issue… This kind of disparity influences which safeguards are prioritized — AI-driven monitoring versus employee training, for example — and shapes how security protocols are communicated company-wide. If leadership doesn't believe insider threats are credible, they won’t fund internal controls. If they don’t fund controls, those threats don’t get caught. And the breach happens again.
AI, increasingly seen as a game-changer for security, reveals another fault line in the C-suite. CISOs are bullish on its benefits: 75% report decreased incidents following AI investment. Their peers? Only 68% agree, and instead, 77% of them believe employee training has been more impactful than any AI tool.
Altogether, these concerns are a mirror of a deeper divide: whether cybersecurity is a human problem to be coached away, or a technological arms race to be outpaced and out-innovated. The truth is it’s both. And success hinges on a united front.
When CISOs and CEOs can’t even agree on the nature of the threat, how can they possibly defend against it? The myth that cybersecurity lives in a server room or a compliance binder must be retired, and fast. Cyber risk is now a proxy for enterprise risk. It is a board-level issue, a strategic issue, and a brand-defining issue. Until every executive around the table owns it equally, businesses will keep leaking value from the inside out.
