Skip to main content

Deloitte's 2023 Global Future of Cyber survey highlights the imperative for organisations to move cyber from threat assessment to growth enabler

Cyber as a foundation of digital transformation priorities is essential to ensuring business success.

Robust planning is proving paramount for creating cyber strategies that mitigate risk and drive business value.

NEW YORK, NY, US, 06 December 2022— Today, Deloitte released its 2023 Global Future of Cyber survey, which found that cyber is more than just technology-focused—it is foundational to an organisation’s growth strategy. This year’s report polled more than 1,000 leaders across 20 countries—Deloitte Global’s largest cyber survey to-date—to get a clearer picture of where cyber stands and where cyber is going.

With 91% of organisations reporting at least one cyber incident in the past year—up 3% from last year—56% of respondents report that they suffered related consequences to a moderate or large extent. However, as the threat grows, so does the case for cyber investment as a growth enabler, with 86% of cyber decision-makers saying their focus on cyber has made a significant, positive contribution to business.

"This year’s report shows how cyber is now woven more tightly into business operations, outcomes, and opportunities. Chief information security officers (CISOs) are most successful when they are connectors across their organisation, focused on enabling their organisation’s highest business priorities,” says Emily Mossburg, Deloitte Global Cyber Leader. "Cyber has become an enabler for business and embedding it into all business practises has shown nothing but success. Advancing cyber will only become more critical as the global economy faces a potential downturn and businesses navigate a looming recession."

Understanding cyber maturity and identifying high-performing cyber organisations are critical in setting the stakes for other organisations. By separating high-cyber-maturity organisations from their medium- and low-cyber-maturity counterparts, the report identifies a distinct class of cyber leaders and more fully demonstrates the extent to which cyber underpins business success and value.

To define cyber maturity, Deloitte identified three sets of leading practises to rate organisations—cyber planning, key cyber activities, and board involvement. The report segments the organisations into three groups—low-, medium-, and high-cyber-maturity—by assigning point values to each set of leading practises.

The key findings of this report exemplify why the incorporation of cyber initiatives throughout business processes can enable growth and achieve cyber maturity.

Global industries continue to navigate constant disruption propelling leaders to adjust their priorities and business initiatives to consider the latest technologies, while also working with extended ecosystems to develop solutions—including data protection and privacy, cyber cloud, infrastructure security, and application security.

  • Cloud is now the number one digital transformation priority for leaders, up from the number two spot in 2021, displacing data analytics.
  • 5G, a newcomer, takes a spot within the top five priorities for businesses, reflecting the growing role of the technology within business ambitions and proving that, while 5G can enable new business models like telemedicine and asset tracking in manufacturing, it also expands the attack surface continuing the need to embed cyber at the start.
  • Highly mature companies saw 30%+ more value from third-party cyber services such as cyber strategy, data protection and privacy, cyber cloud, infrastructure security, and application security.
  • 76% of respondents reported use of automated behaviour capabilities to detect and mitigate cyber risk, compared to 53% in 2021.

Cyber planning and talent can bring innovative solutions that support future business models and identify unforeseen challenges.

  • 87% of highly mature organisations were more likely to have robust plans in place for incident response. (91% will have a robust operational and strategic plan and 88% will develop a plan to assess the protection of data).
  • High-cyber-maturity companies (60%) are three times as likely as low-cyber-maturity organisations (20%), and twice as likely as medium-cyber-maturity organisations (30%) to conduct incident-response scenario planning at the organisational and/or board level.
  • 70% of respondents reported cyber was regularly on their board’s agenda, suggesting that cyber is evolving into a distinct functional area of the business.
  • A lack of skilled cyber professionals is reported to be a top challenge in managing cyber, according to 47% of high-cyber-maturity organisations, suggesting that organisations appreciate the importance experienced talent can bring to cyber efforts.

“With cyber threats growing and advancing around the globe, there is no architecture or approach that can guarantee absolute security and risk mitigation,” adds Mossburg. “We’re now seeing cyber transcend its traditional IT roots and become an essential part of future-proofing businesses—which will be critical in the year ahead as digital transformation continues to be a top investment.”

The report has highlighted why organisations need to invest in key areas throughout the business to increase cyber efficiency in 2023. To enable growth, organisations need to focus on hiring and developing the right cyber talent, executing thorough digital planning, and partnering with extended ecosystems, all while incorporating cyber into strategic business initiatives.

For more information, please visit: www.deloitte.com/2023futureofcyber

Methodology

Deloitte designed its 2023 Global Future of Cyber Survey based on the complexity of today's business and technology landscape, focusing on the needs of enterprise leaders who may recognise the importance of cyber yet struggle to harness its value. Deloitte based its research on a survey of more than 1,000 cyber decision-makers at the director level or higher (C-suite executives and C-suite direct reports), across 20 countries and 6 industries limited to organisations with at least 1,000 employees and $500 million USD in annual revenue.