CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: [email protected].
81% of cybersecurity managers say material incidents went unreported to leadership
More than four out of five frontline cybersecurity managers admit at least one material cyber incident went unreported to leadership in the past year, compared with just over half (55%) of C-suite cyber leaders who say the same, according to a survey from cybersecurity services provider VikingCloud, revealing significant perception gaps between frontline managers and C-suite cyber leaders.Â
The survey indicated some 90% of frontline managers say cyberattacks are growing more frequent and 88% say they’re more severe over the past 12 months, but fewer C-suite leaders share that urgency (77% and 65%, respectively). Additionally, 79% of managers say a successful cyberattack hit their organization in the past year, compared with 65% of C-suite cyber leaders.
A capability perception gap also exists, the survey found. Some 43% of C-suite cyber leaders say modern cybercriminals are more advanced than their internal teams, compared with only 12% of managers who say the same. Deepfakes emerged as a growing concern, with the percentage of cybersecurity professionals reporting being least prepared for this type of attack rising from 3% to 21% among managers and from 6% to 28% among C-suite cyber leaders year-over-year.
56% of US executives say tariffs will force ESG compromises
More than half of US executives say tariff policies will force their organizations to compromise on sustainability or ESG priorities, with 22% expecting significant compromises and 34% anticipating compromises to some extent, according to a survey from sustainability ratings provider EcoVadis.
The survey of executives across procurement, supply chain, sustainability, risk, compliance, finance and IT functions found that 72% cite tariffs and trade wars as the most significant external supply chain risk in 2025. The findings build on earlier research showing that most US companies are maintaining sustainability investments despite regulatory uncertainty. Some 54% expect that 26% to 50% of their supply chain will require new sourcing arrangements if current US tariff policies remain in place, while 32% anticipate up to 25% of suppliers will be disrupted and 14% predict more than half of their sourcing will be affected.
Supply chain disruptions are already prevalent, with 44% of companies experiencing between four and 10 disruptions tied to third-party failures, environmental events, trade disputes or labor issues in the past year, while 22% faced 11 or more.Â
Other key findings:
- Executive perspectives diverge on risk priorities: C-suite leaders focus on extreme climate events (41%) and geopolitical conflict (40%), while VPs and directors prioritize labor disruptions (36%) and cyber threats (36%).
- Some 21% of companies have taken no action in response to recent climate events, such as wildfires and hurricanes.
- Top resilience actions include reformulating products with value chain partners (61%), adopting second and third sourcing strategies (56%) and engaging suppliers on ESG issues (52%).
39% of organizations experienced security incidents tied to cloud migration governance gaps
Nearly 40% of organizations experienced security or compliance incidents directly linked to governance gaps introduced during cloud migration, according to a survey from governance and identity security software company Pathlock.
The survey of 620 enterprise IT, compliance and security leaders across manufacturing, financial services, healthcare and government found that only 7% updated governance, risk and compliance controls prior to migration, while more than half (52%) failed to embed GRC strategy from the start. Additionally, 50% did not perform full segregation of duties checks when redesigning roles, and 51% of organizations take more than 24 hours to revoke access after employee termination.
Insider threats emerged as a significant concern, with 23% of organizations experiencing insider-related incidents during or after cloud migration. Some 21% reported compliance violations in the past year and 17% experienced insider fraud.
