CEOs of BEL20 companies are prime targets for hackers

Hackers are actively exploiting the hybrid working habits of top-level executives. Personal smartphones, email accounts, or home networks often serve as easy entry points to access sensitive business data or systems. Senior executives are a strategic and intentional target — not only for financially motivated cybercrime but also for sophisticated corporate espionage by competitors or state-sponsored actors. Sometimes, breaches are even the result of automated scanning tools that constantly probe for weaknesses and strike the moment a vulnerability is detected.

Boardrooms frequently operate with double standards: while cybersecurity is declared a top priority, executives often request personal exceptions to company security protocols.

In a recent global study by Accenture involving 1,000 CEOs (“The Cyber-Resilient CEO,” 2023), 90% of respondents stated they expect a catastrophic cyber threat within two years. Yet, 95% admitted their cybersecurity strategies are driven primarily by compliance requirements, not by a fundamental commitment to internal security. Furthermore, 60% acknowledge that this approach is insufficient.

The drive to better protect top executives clearly needs to be elevated, as vulnerabilities are widespread. Cyberwolf’s investigation into all BEL20 executives over the past three months reveals the current security posture is far from reassuring:

• 70% of BEL20 CEOs can be easily targeted via publicly exposed vulnerabilities in their own companies or through board roles in other organizations.
• This number rises to 95% when factoring in vulnerabilities linked to associated charities or sector-specific media.
• 80% of BEL20 CEOs have enough publicly available audio content to allow for a convincing deepfake voice clone to be generated in under five minutes.

The findings have been shared with the impacted organizations and the Belgian Centre for Cybersecurity (CCB). The results also caught the attention of Belgian business newspaper De Tijd. Read the article (in Dutch):  Belgische captains of industry zijn makkelijk doelwit voor hackers | De Tijd

Tip: Listen to the podcast episode ‘De 7’ (April 22) covering this topic (in Dutch): 🎧  22/04 | De Wever timmert achterpoortjes effectentaks dicht | Stoffels zwaait af als CEO Galapagos | Toplui Bel20-bedrijven makkelijk doelwit voor hackers – De 7 | Podcast on Spotify

DOs

• Take your own security seriously — as a business leader, an individual, and as part of a family. Building a resilient organization starts with strong personal cyber hygiene.
• Face inconvenient truths — Personal targeting is part of the modern threat landscape. Private life is just as critical as professional life. A multidimensional view (professional, personal, network, and third-party exposure) is key to avoiding surprises.
• Treat security as a strategic asset — With proper protection, CEOs can maintain transparency and openness, essential for building trust and securing the future of their organizations.

DON’Ts

• No more “bare minimum” mindset — Merely complying with standards is not enough to stop determined attackers.
• Stop burying your head in the sand — As a knowledge-based economy, Belgium is home to many innovative companies and cutting-edge technologies, making them highly attractive to both malicious actors and foreign intelligence services — especially given the concentration of EU and NATO offices in Brussels.
• No more double standards — Executives must lead by example and demonstrate that cybersecurity is taken seriously at the highest level.