
How CEOs And Their Teams Can Prepare For 2023’s Newest Cyberthreats

The months ahead will bring new challenges. Here are some looming concerns—and ways to strengthen your offenses.

If you think the last few years were bad for cybersecurity breaches, take a deep breath before you consider what’s coming in 2023. Our existing defenses may not be ready for what’s in store.

Bad actors are honing their existing attack vectors and opening new ones that many companies have barely started to think about. For example, artificial intelligence technology is found in everything from autonomous vehicles to voice assistants, home security, and medical devices; attacks on these technologies are likely to increase. Security practices once seen as iron-clad, such as biometrics and password managers, are becoming more vulnerable as hackers get smarter—just remember the recent breach of LastPass, a commonly used password management system.

In the face of widening assaults, companies across all industries need to review their people, process, and technology. In my work, I see too many businesses displaying a false sense of security. They think they’re prepared, but that illusion often falls apart when their defenses are seriously tested.

Time to play offense

No company can prevent every attack, but you can position your organization to minimize the risks and respond swiftly and effectively to breaches. Here are a few ways you can play offense instead of defense:

As your company starts its 2023 budget process, ensure that IT and security teams have enough budget to do their jobs well. Your C-suite, including the CEO, CFO and CISO/CIO, should have cybersecurity performance metrics that hold them accountable. Appoint at least one board member with cybersecurity expertise who knows the right questions to ask.

Going into 2023 gives you a fresh impetus to ensure your plans are not only comprehensive and constantly updated, but also battle-tested. The following are four controls every company should have in place, as well as how to strengthen them.

1. Vulnerability scanning and penetration testing. You’ll be in a much better position to fend off attacks if you know your weak spots. Going into 2023, make sure you perform regular vulnerability scanning and penetration testing that covers all your mission-critical systems. Don’t exclude AI or biometric systems from these checks. Testing can be done in-house but you can also hire a third party to come at your defenses with fresh eyes; they might combine social and technical tactics to probe for weak spots in your systems that you’d otherwise miss.

2. Actively monitoring systems and networks. Right now, any size company in any industry is at risk from malware that has silently penetrated its systems and is waiting to unleash chaos. Without software that monitors and scans for these threats, malicious intruders could be sitting in your systems for months – a particularly big risk for healthcare and financial companies that store sensitive personal data, as well as biometric software companies. Security Information and Event Management (SIEM) tools are must-have software solutions that monitor and log threats. But the software alone isn’t enough. Companies should appoint trained professionals to make sure the SIEM is examining the right information, the right alerting is set up, and the right people have been trained on how to interpret the alerts and put plans into action.

3. Incident response planning. You’ve just been hacked – now what? Without an incident response plan, the answer won’t be clear. With attacks on the rise, it’s critical to have a well-developed plan. In an emergency, you need to mobilize quickly and people should be aware of their roles. Yet these measures still aren’t enough; plans should be tested. If simulating a real-life incident isn’t feasible, walking through the program during table-top exercises at minimum is critical: You need to know which parts work – and which don’t – before a real-life incident. Digital forensics firms can also help with attack investigation and eradication if needed.

4. Security Awareness Training. A financial controller receives an email that looks like it’s from the CFO, requesting a wire transfer to a client with new banking details. The controller sends it – and another phishing scam has succeeded. Despite education and planning, employees are still falling for these scams. Your security team should regularly test staff preparedness by sending out false phishing emails and seeing how many employees fall for them. Use the lessons learned to shore up your security awareness training. Offer incentives for passing phishing tests – gift cards to a local restaurant, coffee with a C-suite executive, or an extra vacation day. Companies also should eschew old-fashioned PowerPoint-style security awareness training for interactive training programs that incorporate things like multiple choice question/answer sessions or interactive case studies with true/false scenarios.

Does all this cost time and money? Unfortunately, yes. But the investment is well worth it considering the potentially devastating costs of a breach—the risks of which are growing by the day.

