72 Percent of Senior Executives Targeted by Cyberattacks in the Last 18 Months
Senior executives are prime targets for cybercriminals, with a staggering 72% of surveyed cybersecurity professionals in the US reporting that this group has been targeted by cyberattacks in the past 18 months. This trend, highlighted in GetApp’s 2024 Executive Cybersecurity Report, underscores the growing sophistication of attacks, including the rising use of AI-generated deepfakes, which have been involved in 27% of the attacks.
Despite the clear and present danger, many organizations are failing to adapt their cybersecurity strategies to protect their top leaders. Over a third (37%) of companies globally do not provide specialized cybersecurity training to their senior executives, leaving a critical gap in their defenses.
"Companies' senior executives hold crucial business data, keeping them in the crosshairs of cybercriminals," says David Jani, senior security analyst at GetApp. "There’s a pressing need for businesses to prioritize specialized cybersecurity training for their leadership teams."
The frequency of attacks is also escalating. 69% of US companies that have previously had attacks report an increase in attacks over the past three years–above the global average of 58%. This uptick coincides with the rise in complexity of attacks. Notably, incidents involving AI-assisted deepfakes and phishing schemes have surged, with senior executives as primary targets.
Over half (54%) of US companies have experienced at least one identity fraud incident affecting a senior executive over the last 18 months, which is 13 points higher than the global average of 41%. Compared to the global average, US senior executives witness significantly higher risks for fraudulent financial transactions as well.
In response to these escalating threats, businesses are encouraged to implement comprehensive cybersecurity strategies that include ongoing training, use of advanced security tools like multi-factor authentication (MFA) and data encryption. Proactive measures, like regularly updating software, monitoring network activity, and preparing for emerging threats like deepfakes, are also vital.