New research reveals cybersecurity breaches cause measurable stock price declines, as well as alarming disconnects across the C-suite on what is actually working to secure enterprises
New research from Ernst & Young LLP highlights significant financial risks posed by evolving cybersecurity threat landscape, with alarming disconnects across the C-suite on exposure levels, threat sources and more. In addition to the latest EY US C-suite cybersecurity study, which found a majority of C-suite leaders (84%) report that their organization experienced a cybersecurity incident in the past three years, a separate EY US analysis of Russell 3000 companies found those experiencing a cyber incident typically see their stock price decrease by 1.5% over the following 90 days, demonstrating the tangible and enduring effects of cyber incidents on market capitalization for firms which experience them.
The EY 2025 Cybersecurity Study: Bridging the C-suite Disconnect surveyed 800 US C-level executives, including 300 chief information security officers (CISOs) and 500 other C-suite leaders, to uncover cybersecurity investment levels, emerging threats, and sentiment about risks and preparedness. The study found that CISOs are more on edge than other C-suite executives: two-thirds (66%) of CISOs say they are worried that the cybersecurity threats their organization is facing are more advanced than their defenses, which is significantly more than their C-suite counterparts (56%).
“Companies need to move beyond a ‘check the box’ mentality and recognize cybersecurity as a strategic investment, not simply a cost center,” said Jim Guinn, II, EY Americas Cybersecurity Leader. “It’s time to take the bull by the horns and push for not just the resources but the authority for cyber leaders to build truly resilient organizations. The cost of inaction is simply too high.”
Cyber Technology Insights : CNH and DENSO Recognized at EMEA SEC 2025 for Their Outstanding Efforts in Brand Protection
C-suite disconnects on cybersecurity may leave organizations exposed
Comparing the responses of CISOs to their C-suite counterparts reveals worrying divides. For example, CISOs are more likely than the rest of the C-suite to express concern about senior leaders at their organization underestimating the dangers of cybersecurity threats (68% vs. 57%), highlighting a lingering vulnerability due to a lack of understanding by C-suites of the downside risks.
The survey also found a divide between CISOs and the rest of the C-suite on the origin of cybersecurity incidents and the threat actors responsible. CISOs (57%) are more likely than the rest of the C-suite (47%) to say their organization has experienced a cybersecurity incident due to cybercriminals in the past three years. Conversely, more CISOs (47%) say their organization has experienced a cybersecurity incident due to inside threats (i.e., employees intentionally stealing or leaking private information) in the past three years, compared to the rest of the C-suite (31%). This gap in understanding about the historic source of incidents is problematic for building defenses against future threats.
Another concerning disconnect is that CISOs are the most likely to attribute decreased cyber incidents to investment in artificial intelligence (AI). In fact, 75% of CISOs say their organization experienced a decrease in cybersecurity incidents following increased investment in AI, compared to the rest of the C-suite (68%). By contrast, the rest of the C-suite (77%) is more likely than CISOs (69%) to attribute success in decreased cybersecurity incidents to increased investments in employee cybersecurity training.
Cyber Technology Insights : OdineLabs Inc. Completes Official Patent Application for Communication Technology
A call to action to bridge the gaps in C-suite cybersecurity perception
“CISOs see escalating threats and vulnerabilities, while the C-suite appears to often believe cybersecurity is handled,” said Guinn. “Cybersecurity incidents carry significant and far-reaching financial repercussions beyond immediate recovery costs. Our research reinforces the urgent need for leaders to come together and develop a comprehensive cybersecurity strategy that addresses the evolving threat landscape and includes clear communication, a shared understanding of the risks and opportunities, and priority areas for investment.”
Despite the risks posed by key disconnects, there is a silver lining as investments are on the rise. While 21% of C-suite leaders say their organization currently invests more than 10% of their IT budget (which cybersecurity falls under) in cybersecurity, this number is expected to roughly double to 38% next year.
To better maximize this additional capital amid heightened cyber risks and turbulent economic conditions, Guinn and the EY US Cybersecurity team recommend the following:
- Elevate the CISO role: Establish the CISO as a position of ownership over the organization’s security posture, with the mandate to drive strategic security initiatives and influence critical business decisions.
- Invest strategically: Align cybersecurity investments with the organization’s overall business objectives and risk tolerance, ensuring that resources are allocated effectively to address the most critical threats.
- Embrace innovation: Continue reviewing and adopting new technologies and approaches to cybersecurity, including AI and machine learning, to enhance threat detection and response capabilities.
- Develop a culture of cyber confidence: Promote a culture of cybersecurity awareness and responsibility at every level across the entire organization, empowering employees to identify and report potential threats.
Cyber Technology Insights : Lynch Carpenter Investigates Claims in Blue Shield of California Data Breach
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
Source – prnewswire
