Four months into the Russian invasion of Ukraine, there is concern among business leaders about an escalation of the war, especially around cyberattacks.

Most CEOs and other C-suite executives say they are somewhat concerned as opposed to highly concerned about the escalation of the war (i.e., US or NATO involvement, foreign military support of Russia, war spilling over into new regions, use of unconventional weapons). It is the threat of Russian retaliation through cyberattacks that has them most worried. Some 43 percent of CEOs and other C-suite executives say they are highly concerned about this specific threat.

Almost half of CEOs globally cite cybersecurity as a war-related issue that will have a major impact on their business operations in the coming year. In our annual C-Suite Outlook survey released in January 2022 prior to the Russian invasion, just 16 percent of CEOs cited cybersecurity as a high-impact, external issue facing their companies. That same survey found that less than 40 percent of CEOs believed their organizations were well prepared to meet future challenges related to a major cybersecurity crisis.

Immediately after the invasion, The US Cybersecurity and Infrastructure Security Agency (CISA), warned that board members and senior management must recognize the present danger and ensure their organizations adopt a “heightened security posture.” This warning may catch many corporate boards unprepared to provide the appropriate risk oversight. A recent survey by The Conference Board and the consulting firm PwC found 64 percent of executives believe that their board has a fair or poor understanding of cybersecurity.

On a macroeconomic level, a broader conflict means worse outcomes for business investment and consumer spending but potentially more scope for additional rounds of government spending to fund military activities and accelerated investment in renewables. If the conflict is not prolonged for several years, the downside to global economic growth is likely to wane gradually throughout 2023.

Companies’ focus on cyber, however, tends to come in waves. In a recent essay, The Conference Board’s Merel Spierings argues that boards and senior management need to recognize that cybersecurity is not only a matter of security and controls, but also a key ESG issue that should be integrated in discussions of business strategy. In addition, the war in Ukraine, proposed SEC disclosure regulations, new cybersecurity regulations in the US, EU and the UK, and the growing threat of litigation may serve as catalysts for companies to provide sustained—not just episodic—attention to cybersecurity. The brief offers a series of practical steps that CEOs can start taking now to 1) prepare for cyber-attacks, especially ransomware; 2) address increasing regulatory requirements; and 3) increase the resilience of their cybersecurity programs, including building capabilities at the board and management levels. In addition to these steps, corporate leaders should view cyber as more than a security matter, but as one that has important ESG implications.

In this Solutions Brief by Committee for Economic Development, the public policy center of The Conference Board (CED), a key recommendation is to increase collaboration between public and private sector leadership on securing cyberspace. Cybersecurity is a responsibility of leaders in all organizations, and threats will not be met effectively without coordination and partnerships. As cyberattacks grow in number, complexity, and sophistication, it is critically important to combat cybercriminals and build protection and resiliency. Leaders in both the public and private sector must strive to share information, collaborate to address the accelerating threats, and work in tandem to train a cybersecurity workforce large enough to meet these threats and keep data secure in an era of constantly evolving, increasing attacks.

The Conference Board Resources on Cybersecurity

Securing Cyberspace in an Era of Evolving Threats, June 2022, read

CED Policy Watch: Securing Cyberspace in an Era of Evolving Threats, June 2022, watch

How Companies Can Address Cybersecurity in a Sustained Way, June 2022, read

Board Effectiveness: A Survey of the C-suite, November 2021, read