Almost three-quarters of senior executives in the US have been targeted by cyberattacks in the past 18 months, according to a new study. The survey by software discovery platform GetApp found that 72% of executives found themselves in the firing line of cybercriminals. Of those attacks, 27% involved the use of artificial intelligence (AI)-generated deepfakes.

The survey also highlights a significant gap in how organisations prepare for these threats. It found that 37% of companies worldwide do not offer specialised cybersecurity training for their senior executives, leaving a critical vulnerability in their overall security posture.

“Companies’ senior executives hold crucial business data, keeping them in the crosshairs of cybercriminals,” said GetApp senior security analyst David Jani. “There’s a pressing need for businesses to prioritise specialised cybersecurity training for their leadership teams.”

Senior leaders targeted

Conducted in May 2024, the survey gathered responses from 2,648 IT and cybersecurity professionals across 11 countries, including the US, UK, Canada, Brazil, Mexico and Australia.

According to the study, the frequency of cyberattacks appears to be rising, with some 69% of US companies which have been previously targeted reporting an increase in the number of incidents over the past three years. This is notably higher than the global average of 58% and may be attributed to the growing complexity of attacks, including those that leverage AI-assisted deepfakes and sophisticated phishing techniques aimed at senior executives.

Additionally, over half (54%) of US companies reported at least one instance of identity fraud affecting a senior executive in the last 18 months. This rate is significantly higher than the global average of 41%. US executives also face a greater risk of fraudulent financial transactions compared to their international peers.

More training for execs needed, say respondents

AI-assisted deepfakes accounted for 27% of these attacks, although traditional methods like phishing and malware continue to be widely used.

The survey also found that 87% of IT and cybersecurity professionals believe that senior executives should receive more specialised cybersecurity training compared to other employees. However, 37% of companies globally still do not provide additional training for their top leaders. In the US, 54% of companies have experienced identity fraud incidents involving senior executives, a rate much higher than the global average.

Despite these risks, many employees believe that senior executives are aware of cybersecurity threats, including AI-generated deepfakes. However, there is widespread agreement that executives need more specialised cybersecurity training than other staff members.

In light of these escalating threats, GetApp urged companies to implement robust cybersecurity strategies. Such strategies should include continuous training for senior executives, the use of advanced security measures like multi-factor authentication (MFA) and data encryption, and proactive practices such as regular software updates and vigilant network activity monitoring.

Read more: Toyota admits 240GB data breach