IMD World Digital Competitiveness

Figure 3

dents of our Executive Opinion Survey what steps their company has taken to address the increasing presence of cybercrime. Figure 3 displays feedback from more than 4,000 executives across 64 economies. They overwhelm ingly confirm the implementation of various measures. Predominantly, actions focus on the security of the infrastructure employed. Approximately 27% of the total responses indicated that they control access to, protect, and run backups of sensitive data, while 25% secure the integrity of their network by encrypting information and adopting firewalls. In addition, 26% of the respondents’ companies enhance awareness by training their employees on best practices to identify or prevent cyberattacks, while 15% focus on monitoring and managing cloud service provider (CSP) accounts. This robust result emphasizes the widespread realiza tion of the danger and the willingness to safeguard the digital presence of the companies. Notably, only 5% of the respondents declared no new measure was adopted in the past year. The results remain consistent when we examine the size of the companies under consideration as well. Figure 4 captures the responses from executives of large companies, that is, companies with more than 250 employees. In this category, the predominant new measures focus on increasing employee awareness. In contrast, for medium size companies with employees between 50 and 250 ( Figure 5 ), and small companies with employees below 50 ( Figure 6 ), employee training is the third most popular response. However, across all company sizes, the implementation of new measures stands out as the most frequent response.

The trend is similar when we break our sample between ‘family’ and ‘non-family’ businesses, although the detailed graphs are not provided here. A notable difference emerges when we examine the share of executives who reported no additional measures taken. In large companies, only 1% of the respondents claim that no new measures were adopted, compared to 4% for medium-sized companies and to 11% for small companies. Similarly, there exists a much smaller differ ence between the 4% non-family businesses executives to the 6% of family businesses executives who did not implement any new measure since the year before. Based on the available data, determining the reason for such an increase is challenging. The possible explana tions include executives of small companies are being unaware of the magnitude of the thread, perceiving a low likelihood of exposure to cybercrime, or facing significant costs for implementing new measures. Alternatively, it may be that they were already actively engaged in a number of cybersecurity actions, rendering the need for new measures unnecessary in the previous year. However, at the country level, results differ. Figure 7 captures the relationship between the percentage of executives who responded that their companies did not adopt new cybersecurity measures in the preceding year (horizontal axis) and their responses to the survey ques tion regarding the adequacy of cybersecurity addressed by corporations (vertical axis). This relationship is both intriguing and somewhat anticipated. In economies where executives perceive an inadequate cybersecurity framework (Venezuela, for instance), they tend to implement additional measures within their companies, for instance, Venezuela. However,

32