CyberBeacon #61 – Cyberattacks Are Now the #1 Fear in the Boardroom

Cyberattack coverups, AI threats, smart device botnets, and phone scams are creating new risks for leaders, employees, and everyday consumers.

blog

Aware Force Cyber Beacon Headlines for Management

#61 July 7, 2026

Cyberattack coverups, AI threats, smart device botnets, and phone scams are creating new risks for leaders, employees, and everyday consumers.

The Boss Tells You to Stay Quiet About That Breach. The Law Says Otherwise.

More than half of security professionals say they’ve been told to hide a breach they knew should have been reported. That pressure isn’t coming from the mailroom: 69% of C-level executives, including CISOs and CIOs, report being given the same directive.

  • When a worker is told to hide a breach, they’re being asked to break the law — in most places, in multiple ways at once. All 50 U.S. states plus D.C., Puerto Rico, Guam, and the U.S. Virgin Islands now have breach notification statutes. Internationally, GDPR requires notification within 72 hours and carries fines up to €20 million or 4% of annual global turnover, whichever is higher.
  • The SEC requires public companies to disclose material incidents within four business days of discovery. The penalties for getting this wrong are real. A California software company paid $6.75 million for misleading the public about the full extent of a breach; a New York financial firm was fined $2 million for failing to notify within 72 hours; a Massachusetts property manager paid $795,000 for unlawfully delaying required notifications.
  • Organizations that delay disclosure face escalating regulatory fines, amplified reputational damage when the truth surfaces anyway, and erosion of internal trust as employees question the ethics of leadership. Bitdefender’s analysts suggest that changing this culture “may require making disclosure feel less punishing — or perhaps the opposite: making secrecy impossible to justify.”

Dive Deeper:

Bitdefender | Cybersecurity Dive | Pillsbury Law

China’s Top AI Researchers Are Scared Too — and That Should Tell Us Something

China-linked actors are behind more than half of all state-sponsored attacks on tech companies, according to CrowdStrike. Chinese AI companies are under pressure from both sides — facing Western export restrictions on the chips they need while simultaneously watching their own proprietary models get targeted for theft, leaving researchers on both sides worried that the competition itself is outrunning anyone’s ability to control what comes next.

  • AI startup Copyleaks say they’ve seen repeated cases where newly onboarded employees are immediately targeted by attackers trying to access AI models. For your onboarding: new employees should treat your first weeks on the job as a heightened security window — be skeptical of unsolicited contact asking about work, tools, or your, and report anything that feels off to your security team before engaging.
  • Top AI researchers on both sides are warning about a “Chernobyl moment.” At a major AI conference in Beijing’s Zhongguancun tech district, scientists from the U.S. and China — including an MIT researcher addressing the crowd remotely — argued that the cybersecurity and systemic threats from advanced autonomous AI are too serious for national competition to take priority.
  • The U.S. and China have both opted out of a global agreement on AI in the military. But Washington and Beijing have declined to join a multinational framework for regulating AI in defense, even as other nations move toward international standards.

Dive Deeper:

https://www.wsj.com/pro/cybersecurity/cyber-threats-top-ceo-business-fears-7141c6c9?st=jqjKZM&reflink=desktopwebshare_permalink

https://www.wired.com/story/ai-arms-race-china-us-cooperation

https://www.bloomberg.com/news/articles/2026-05-13/why-the-us-must-engage-china-on-ai-safety-before-it-s-game-over



Update: The Home Device Infiltration Story from Earlier This Year Has a New Chapter

Here’s the latest on the story we’ve been following about hostile nations’ ability to commandeer millions of wireless home devices in the US and Canada. A year ago, Google sued the operators of Badbox 2.0 — a China-linked botnet that had compromised over 10 million Android TV boxes and streaming devices. Now. the FBI seized hundreds of domains tied to a NASDAQ-listed company running a criminal proxy network called NetNut.

  • In one sample week last month, 316 criminal and espionage groups were using this single network. Nearly half of downloadable apps on LG’s webOS platform contain SDKs that quietly turn the television into an always-on residential proxy node.
  • Taking one network down doesn’t end the threat — it reshuffles it. The same dynamic is likely to repeat with Whichever network absorbs NetNut’s former customers will likely emerge as the new threat.
  • For consumers: stick to name-brand streaming devices from reputable manufacturers, avoid any app that offers payment for “sharing your unused bandwidth,” and check your smart TV’s app list — if you have an LG or Samsung, delete anything you don’t recognize or actively use. Google publishes a list of verified partners at tv.google/intl/en_us/programs/android-tv-op/ — anything not on that list is a risk worth taking seriously.

Dive Deeper:

Cyberattacks Are Now the #1 Fear in the Boardroom; Ahead of War, Inflation, and Trade

Nearly two-thirds of CEOs at major companies now say cyberattacks are their single biggest business concern. This isn’t just one survey — every major global risk report is concluding the same thing.

  • The specific threats keeping CEOs up at night have shifted — and AI is driving that shift. In 2025, ransomware topped the CEO concern list. In 2026, cyber-enabled fraud and phishing have taken the top spot, with AI vulnerabilities ranking second.
  • Concern is rising fastest among executives who are being honest about their exposure. PwC’s 2026 Global CEO Survey found that about 1/3 of CEOs now describe their organizations as highly or extremely exposed to significant financial loss from cyber threats
  • When cybersecurity moves from the CISO’s agenda to the CEO’s top concern, it changes how organizations invest, train, and hold employees accountable. Protiviti’s 2026 Executive Perspectives report found that nearly half of execs say cybersecurity ranks ahead of business process improvements and infrastructure modernization as an investment priority in 2027.

Dive Deeper:

Phone Scams Just Passed Email as the Threat Consumers Fear Most

The smartphone has become the most feared attack surface for everyday consumers, and AI voice cloning — which can replicate a trusted voice from three seconds of audio — is turning it into a serious organizational risk as well, with vishing attacks up 442% since last summer.

  • AI voice cloning has changed the game entirely. It’s true: it only takes three seconds of your audio to voice match to the original. Of people who interacted with an AI voice clone scam call, 77% lost money as a result — making it one of the highest-conversion fraud tactics in use today.
  • We’re getting more than 500 scam calls per person per year. Scam and telemarketing calls now represent more than half of all automated calls. In the US, the FTC’s median reported loss for phone call-initiated scams has reached $1,835 per victim.
  • Imposter scams — someone pretending to be your bank, your government, or someone you love — are now the most reported fraud category for the ninth straight year. Are we ignoring them more often? 86% of unknown calls now go unanswered, and 92% of consumers assume unidentified calls are fraudulent.

Dive Deeper:

https://www.mediapost.com/publications/article/416179/phone-menace-consumers-are-more-scared-of-telepho.html

https://www.mcafee.com/ai/news/ai-voice-scam

https://www.adaptivesecurity.com/blog/the-ultimate-guide-to-ai-voice-cloning-scams-how-to-detect-prevent-and-protect-against-them

Get the latest insights in cybersecurity.
Subscribe to the Aware Force Cyber Blog

Insightful cyber news, fresh ideas for engaging your employees and more.

Search

Richard Warner is a recognized expert on human cyber risk and the founder/CEO of Aware Force, where he and his team create cybersecurity content tailored to each client’s culture that is engaging, relatable, and effective.

Leveraging his decades of experience as a prominent journalist and communicator with outlets including FOX and the GPB Television Network, Richard helps organizations worldwide transform human weak links into their strongest digital defense.

He is based in Atlanta and pioneers effective strategies for security culture and employee engagement.

Featured Posts