How cyber is shaping the future.
Despite the elevated risk environment, digital transformation and migration to the cloud continue to be priorities for our clients. More than simply improving efficiency, as data flows across organisations it drives new ways of value creation, connecting lines of business and using customer data to enrich experiences. Our survey data underscores this migration—94% of CFO respondents indicated they are considering moving their financial systems or ERP. to the cloud
In order to remain competitive, today’s enterprises run an array of technologies that combine on-premises infrastructure with hybrid IT and an assortment of third- party cloud providers. These sophisticated integrated environments require new forms of management distinct from traditional in-house IT architectures. A clear plurality of the CIOs and CISOs we surveyed (41%) acknowledge that transformation and gaining visibility across increasingly complex hybrid ecosystems is the greatest challenge they face.
In addition to the pressures of the marketplace, the pandemic heralds the arrival of remote work as a permanent feature of employment. Organisations, large and small, have rapidly transformed work environments and in doing so dramatically increased their attack surfaces, often with little to no time to consider security implications. Not surprisingly, there’s been an uptick in attacks, with 69% of respondents reporting an increase or significant increase in threats to their business between early 2020 and May 2021–this was consistent across industries and geographies. 32% of our global C-suite respondents indicated operational disruption was the greatest impact, followed by intellectual property theft (22%) and drops in share price (19%).
When asked, What are the greatest barriers to managing cybersecurity across their organisations? Respondents ranked data management traversing complex perimeters the highest (44%), followed by a need for better prioritisation of cyber risk across the enterprise (31%). Fortunately, it’s now feasible to deploy Zero Trust architecture, which replaces simple verification of entities with real-time access decisions based on continuous risk assessment. When implemented it is an effective response to the dissolution of perimeters in today’s ecosystems, recognising that every component in an architecture is vulnerable and every layer needs protection.
Made possible by recent advances in computational power, Zero Trust’s emergence and adoption point to wider cultural shifts in organisations that reveal how the role of cyber is changing and its importance elevating. More than a technological fix, Zero Trust’s set of interwoven solutions provide visibility into adversarial activity, associated business risk and insight into changes needed to reduce the risk. This insight demands coordination between IT and business lines as well as enterprise-wide education and training.
* Respondents were asked to select up to two responses, so percentages will not add up to 100%.
As hackers grow more sophisticated and understand the market value of assets—whether it’s pharmaceutical IP, engineering and product patents, customer or other critical data—organisations continue to step up their cyber defence budgets. Almost 75% of respondents who had more than $30B in revenue said they will spend more than $100M on cybersecurity this year.
The challenge is to ensure this expenditure results in greater visibility into the amplified risk of today’s increasingly complex ecosystems. Beyond acquiring technology and expertise, it requires organisational change to facilitate programmatic governance that extends beyond the enterprise to include partners and third-party providers. As technology changes, so does the role of the CISO. Once cyber permeates an enterprise, it’s imperative to reposition where the CISO sits in the organisation chart. Beyond simplifying reporting, closer relationships to the CEO enhance the CISO’s ability to understand business priorities and to have visibility into innovations as they occur. This new operational role of the CISO with greater engagement across the organisation enables the cyber team to ensure necessary requirements, technical solutions and controls can be built into innovation initiatives from the ground up. This not only minimises risk at the outset but risk of overall product and service development. This deeper cultural impact of cyber is why in this year’s edition we’ve expanded the current survey beyond leaders with direct oversight for cyber to include those who should be cyber’s greatest champions: CEOs, CFOs, CMOs, CIOs and CISOs. Their sentiments are similar to one another, with variations seen across geographies and industries.
There is no simple solution, organisational or technological, to gaining visibility into the growing complexity of integrated ecosystems that underpin modern business. However, there are a number of measures, organisational, cultural and operational, when taken together, that can enable organisations to embed cyber in the core of their business initiatives, in their culture and into their continuously evolving technology ecosystems.
In this report, we explore some of those measures and underscore the importance of organisations’ ability to gain visibility into the risk which complexity creates now and into the future as the next wave of technological evolution continues to increase our interconnectivity.
We’re in a period of transition and rapid evolution. Two of the biggest challenges businesses face are hybrid IT and transformation. That’s creating a much more diverse environment and driving up complexity. Greater visibility, particularly into cloud deployments, is the number one thing organisations are looking for.
Emily Mossburg, Deloitte Global Cyber Leader