Cyber

Cybersecurity continues to be recognized as a core enterprise risk yet there is still a significant gap between cybersecurity strategy and business priorities. Persistent misalignment remains between what cybersecurity teams need and what the business prioritizes.

Kroll surveyed 1,000 cybersecurity decision-makers across 10 countries, representing companies from various industries with annual revenues from USD 50 million (mn) to more than USD 5 billion dollars.

Security executives and CISOs can close the strategic disconnect between business goals and cybersecurity priorities by taking a more intentional, business‑aligned approach to drive clarity, accelerate progress and position cybersecurity as a strategic driver of long‑term business success.

Executive Alignment Is Improving, but Cyber Readiness Is Not

Nearly all organizations (96%) have been able to quantify the financial impact of cyber risk on their business, with potential losses averaging $20.9 mn, a figure that underscores the urgency for better resilience.

The Strategy-Execution Gap Is Putting Organizations at Risk

Organizations are struggling with mismatched priorities, leaving vulnerabilities that attackers are all too willing to exploit. Differing risk tolerance (51%) and gaps in executive cyber literacy (43%) are the biggest drivers behind the disconnect between executive strategy and security execution.

Response Time Is Not Keeping Pace with Intrusion Time

The difference between perceived and demonstrated resilience can be significant: Only 19% of companies believe they can respond to an incident within minutes yet recent reports show that the average eCrime breakout time in 2025 was 29 minutes.¹ The window between intrusion and impact is a fraction of most companies’ response time. This means significant damage can be done before cyber defenders can mount a response.