PwC surveyed 722 U.S. executives from public and private companies between August 1 and August 5. Of those, 40% listed more frequent and broader cyber attacks as a serious risk. Close behind were talent acquisition and retention (38%) and rising production costs (34%) seen as other serious risks. 

An additional 38% of survey respondents called cybersecurity a moderate risk. And concern about cyber attacks wasn’t limited to CISOs: 47% of tax leaders ranked cybersecurity as a serious risk, along with 44% of CFOs, 41% of CMOs and a whopping 51% of board directors. Corporate board members’ interest in cyber threats follows a proposal from the SEC in March that would require directors to oversee cybersecurity risk.

“Cybersecurity is a strategic business enabler—technology is the central nervous system of many companies—and confirming its data is secure and protected can be brand defining," PwC’s Sean Joyce said in a statement.

According to the study, organizations can address the growth of cyber threats and the increasingly digital nature of business by building cybersecurity into agendas across senior leadership, educating employees, including a cyber plan in every new business initiative and regularly measuring cyber risks. Of executives surveyed, 53% said they are increasing investments in digital transformation, 52% said IT and 49% said cybersecurity and privacy.

Small business owners are less worried about cyber attacks, according to a recent CNBC study. Of 2,000 small business owners surveyed, just 5% listed cybersecurity as the top risk to their business. Cybersecurity has consistently ranked the lowest of the 5 priorities in the survey for each quarter it has been conducted. Still, nearly 40% of respondents said they were at least somewhat worried their business would fall victim to a cyberattack in the next 12 months. That level has remained about flat for four consecutive quarters.