Photographic portrait of Jim Guinn, II
Jim Guinn, II

EY Americas Cybersecurity Leader

2 minute read 29 May 2025

For business leaders, cybersecurity remains a priority in a changing geopolitical environment.

In brief
  • Businesses are navigating a complex time when geopolitics, cyber threats and cybersecurity are strongly interconnected.
  • It has never been more important for leaders at the top levels to call attention to cybersecurity.
  • Cybersecurity resources should be directed toward five basic but critical objectives.

The past decade has seen significant progress toward strengthening cybersecurity measures for businesses and consumers. But cyber threats are multiplying and advancing so fast that there is no long-term security.

How EY can help

  • Cybersecurity

    Learn more about how organizations are accelerating transformation and strengthening cybersecurity at the same time.

    Read more

In order to keep up, corporate leaders have a continual responsibility to gather relevant information, assess vulnerabilities and solutions and decide where and how to spend on cybersecurity — while forces on the other side of the equation don’t follow rules and are often miles ahead.

 

Jim Guinn, EY Americas Cybersecurity Leader, recently joined Cheddar news anchor Dave Briggs on the floor of the New York Stock Exchange for a conversation about the critical importance of cybersecurity. Briggs kicked off by saying cybersecurity is “still the most important thing in the world that people aren’t talking about enough.”

 

Guinn cited a range of factors, notably current geopolitical complexities — that make cybersecurity an urgent and ongoing priority for business leaders at the topmost levels.

 

In an unstable geopolitical landscape, familiar cyber threats, such as ransomware gangs, are being eclipsed by nation-state actors with different motivations. All are constantly scanning the global horizon for vulnerabilities — entry points that might include corporate leadership changes, market losses, mergers or acquisitions and political transitions that open up windows to malevolent opportunists.

 

“We have nation-state actors poking and prodding one another to figure out — Can we get in? Can we pre-position? Can we figure out what we might want to do to create a diversion or a distraction for something we might want to go actively do?” Guinn said.

Guinn outlined five essential and proactive steps business organizations should take.

  1. Know the adversary. Establish a robust intelligence program to track where threats are coming from.
  2. Apply data strategically. Use the information you’re gathering to enhance threat-hunting capabilities.
  3. Train employees. Establish a repeatable, mandatory program to help employees stay updated, aware and trained on current cybersecurity best practices.
  4. Test, test and test again. Regularly proof all systems, networks and applications for vulnerabilities using consistent methods that reveal cracks.
  5. Know and manage your assets. Maintain a comprehensive data asset inventory because, “If you can’t see it, you can’t protect it.”

You have to start at the top. Corporate leadership plays a pivotal role in maintaining cybersecurity vigilance. Guinn suggested that executives need to incorporate cybersecurity into both their business strategies and talk tracks.

“The single most important thing that executives can do is speak about cybersecurity when they talk about their business,” Guinn said.

Guinn noted an epic shift in awareness among CEOs, particularly following high-profile breaches. However, he points out that many chief information security officers (CISOs) report at lower levels in organizations, which can cloud understanding of cybersecurity issues.

If leaders are unsure how to invest technology resources in cybersecurity, Guinn reiterates that threat intelligence, data-driven threat hunting, employee training, systems testing and data asset management are the best formulas to mitigate risks.

“Arguably nothing is more important for companies out there today than cybersecurity,” he said.

Summary 

In the cyber space, business is less secure than ever and executive leaders should practice sustained vigilance and awareness-building.

About this article

Photographic portrait of Jim Guinn, II
Jim Guinn, II
EY Americas Cybersecurity Leader
Mitigating cyber threats through innovative defenses. Passionate philanthropist. Loves rodeo, equitation, competitive angling and golf.
Related topics
Consulting
Cybersecurity

Related articles

Cyber study: How the C-suite disconnect is leaving organizations exposed

A 2025 EY study shows a consensus on the importance of cybersecurity among executives and a correlation between share price declines and cyber breaches.

Embracing cyber resilience: the shift from defense to endurance

Explore the shift to cyber resilience, where organizations anticipate, withstand, recover, and adapt to cyber threats for enduring security.

Varun Sharma

Why a superstore reinforced its cyber walls to protect its customers

Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.