Building cybersecurity through C-suite collaboration: insights for Retail

Cyber risks are top of mind, with 53% of CEE leaders ranking cyber as the top risk their organisation is prioritising for mitigation over the next 12 months (globally: 57%).

As many as 49% of CEE businesses measure the financial impact of cyber risks, while this metric stands at 70% for EMEA, highlighting the need for faster convergence of a quantitative approach in the CEE region.

Despite cyber risks being a priority for businesses, only 2% of businesses globally have implemented firm-wide cyber resilience. This leaves a glaring vulnerability—without enterprise-wide resilience, companies remain dangerously exposed to the increasing threats that could compromise their entire operation.

What worries organisations most is what they’re least prepared for. In general, technology leaders prioritise improving cloud, data and network security in 2025 to mitigate these cyber risks. CEE businesses also look to invest substantially in application security and awareness programmes, while EMEA is advancing towards GenAI to find innovative solutions.

At the same time, global research highlights differing priorities: business executives are primarily concerned with inflation, while tech executives focus on cyber risks due to their closer connection to the cyber threat landscape.

“Secure AI”: Business and technology leaders have a mandate to leverage AI-driven capabilities to find innovative ways to serve their customers and increase operational efficiency. These imperatives mean that AI-enabled business solutions are on the rise and need to be secured. AI is already starting to accelerate new innovations and automate processes in ways we would have thought unimaginable only a few years ago. It is improving our productivity and helping us reimagine the customer experience.

“AI for Security”: Even though new and emerging technologies may increase the attack surface area, organisations are leveraging AI for cyber resilience. In CEE, 43% of companies will prioritise threat detection and response in the use of GenAI for defence over other cyber capabilities/areas in the next 12 months.

On average, 42% of CEE businesses and 52% of EMEA businesses increased their investments in emerging technologies (such as GenAI) for cybersecurity in the last 12 months.

There are clear challenges for CEE leaders in applying GenAI solutions in areas such as the implementation of data governance in their organisations, alongside the technical and knowledge requirements.

As many as 73% of companies in CEE state that regulations have a moderate to significant impact on increasing their cyber investments.

While the CEE region is facing a challenging regulatory environment, CEE leaders expressed high confidence in complying with the Digital Operational Resilience Act (DORA) (43%), the Network and Information Systems Directive 2 (NIS2) (58%) and the EU AI Act (38%).

Despite the clear belief that cyber regulations are helping the organisation, there’s a measurable difference between CEO and CISO/CSO confidence in their ability to comply with these regulations. CISOs, who are on the front lines of cybersecurity, are less optimistic than CEOs about their organisation’s ability to meet these regulatory requirements. The biggest gaps involve compliance with regulations related to AI, resilience and critical infrastructure requirements.