Insight on Cyber Threats Facing Board Members and Executive Leaders Unveiled
In the ever-evolving landscape of cybersecurity, company directors and officers are gearing up for a more active role in managing the increasing threats. The latest trends indicate a focus on frequent incident response, strategic budget allocation, enhanced preparation, sponsorship by the board, and evolving insurance considerations.
According to the Global Insurance Law Connect (GILC) report and the WTW and Clyde & Co survey, cyber-attacks and data loss remain the top risks for Directors & Officers. To tackle these challenges, many organizations are detecting and responding to cybersecurity incidents at least weekly, driven by rising threats like ransomware and supply chain attacks.
Boards and company directors are increasingly engaged in cybersecurity oversight. CISOs and company directors are co-leading cybersecurity efforts to embed security throughout the organization and align it with business strategy. Transparency with shareholders and regulators is becoming more critical, pushing board involvement in cyber risk governance.
Businesses prioritize business continuity and disaster recovery as leading cybersecurity initiatives. Preparations now emphasize resilience against ransomware and complex supply chain risks. AI-driven risks, such as synthetic identity fraud and voice cloning, require cautious, governed adoption of new technologies.
Despite economic uncertainties, cybersecurity budgets are steady or increasing for 88% of organizations. Budget allocations prioritize staff compensation, cloud software, and outsourcing/managed security services, reflecting a shift toward external expertise and technological investments.
Although not detailed explicitly in recent reports, the increased focus on cyber resilience, risk quantification, and disclosure in financial filings implies growing attention to cyber insurance as part of comprehensive risk management — likely integrated with board oversight and budgeting.
The WTW and Clyde & Co survey suggests that cyber incident response plans are in place for 80% of respondents, but only 53% have cyber insurance in place, with a further 18% planning to purchase it in the next two years. The Mactavish survey of senior private equity professionals reveals that only 23% describe the due diligence carried out on cyber security issues of target companies as 'good' or 'excellent'.
The frequency of monthly updates to boards on cyber security increased from 18% to 28% between 2024-2025. The latest Cyber Directors' and Officers' Survey Report shows a decrease in the percentage of respondents who only update their board on cyber security in response to an incident, from 20% in 2024 to 12% in 2025.
The GILC report also highlights that Directors & Officers insurance premiums are expected to increase in the next two years due to the growing complexity of risks and the potential for large claims. As the cyber threat landscape continues to evolve, directors and officers are expected to stay actively involved with frequent incident updates, strategic sponsorship, ensuring preparedness against rising sophisticated threats, approving balanced budgets that support staffing and technology, and integrating cyber insurance into their broader risk management framework.
The survey suggests a need to engage both strategic and technical stakeholders to manage cyber risk most effectively. As the cybersecurity landscape continues to evolve, it's clear that the role of directors and officers will become even more crucial in ensuring the resilience and security of their organizations.
- Directors and officers are actively involved in managing cyber risk events, as they are expected to stay updated with frequent incident reports, sponsor strategic initiatives, and ensure preparedness against rising sophisticated threats.
- In the realm of finance, cybersecurity budgets are prioritized, with 88% of organizations maintaining steady or increasing allocations, particularly for staff compensation, cloud software, and outsourcing/managed security services.
- As the cyber threat landscape evolves, the importance of cybersecurity insurance as part of comprehensive risk management is growing, likely integrated with board oversight and budgeting for a more resilient business future.
