25 July 2025
The study shows that 91% of senior executives are confident in their organisation’s ability to prevent and respond to cyber-attacks, with over half expressing strong confidence. However, this optimism appears misplaced, as other data from the report indicates significant vulnerabilities and complacency.
Alarmingly, a third of senior leaders are not actively taking steps to address cybersecurity threats, and among those who are, 21% do not expect to make meaningful progress within the next year. Despite their confidence, 53% acknowledge facing security or performance issues within their hybrid infrastructure, and only 36% have fully mitigated data security risks associated with hybrid work models — covering secure remote access and zero-trust identity management. Additionally, a third of executives report shortages of cybersecurity skills and difficulty filling critical roles.
“Many organisations underestimate the evolving cybersecurity risks such as AI-driven threats, vulnerabilities across hybrid networks, and sophisticated supply chain attacks. Cybercriminals are constantly adapting, and the C-suite must do the same. But this won’t happen if complacency at the top spreads throughout the organisation,” said Richard Moseley, CEO of Node4.
He emphasizes that attackers often use low-effort tactics like social engineering, session hijacking, or exploiting leaked breach data — methods that require little technical skill but can cause significant damage if overlooked. Recent breaches in the retail sector demonstrate that mid-market organisations cannot afford complacency in defending against these “door-openers.”
The report also reveals that cybersecurity is ranked seventh out of ten strategic priorities for the next 12 months — behind skills development, net zero initiatives, and digital transformation. While 29% of leaders acknowledge that external cybersecurity threats strongly influence their IT strategy, many still prioritize other issues like sustainability and regulatory changes, inadvertently downplaying cyber risks.
Furthermore, complacency may hinder AI adoption. Over a quarter of C-suite executives see data security and compliance as the primary challenges to their data strategies, which are essential for successful AI deployment. Nearly 40% believe concerns over data governance and security are among the biggest hurdles to adopting AI solutions.
“The inflated confidence levels suggest that senior leaders are shifting focus away from cybersecurity, viewing it as operational hygiene rather than a strategic differentiator. This complacency not only increases vulnerability but also risks delaying the adoption of innovative technologies that could enhance efficiency and growth. Organisations must recognise that cybersecurity is integral to their digital future and treat it accordingly,” said Moseley.