The world is increasingly interconnected, bringing about new risks alongside the new growth opportunities. Digital technologies, exponential growth of data, and evolving business needs are expanding attack threat surfaces and bringing new challenges that elevate cyber as a strategic business issue. Collaboration across cyber, risk management, and business units is critical to neutralizing cyberthreats, protecting business value, and sustaining customer trust.
This year’s global survey—Deloitte’s largest cyber survey to date— polled leaders across industries in order to get a clearer picture of where cyber stands and where it is going. What we discovered is that cyber’s profile as an enabler is growing. Among organizations of all sizes, cyber is consistently earning a place on the agenda, becoming a focal point for business-critical initiatives and investment.
The study shows that decision-makers recognise the high importance of cyber for their company or institution. However, the cyber experts interviewed also see numerous challenges in the effective implementation of cyber measures. Therefore, the study not only analyses the current status, but also provides an outlook on the future of cyber security.
Cyber as a business priority is becoming more evident at the board level. In this year’s survey, 70% of respondents reported that cyber was on their board’s agenda on a regular basis, either monthly or quarterly. An overwhelming majority of survey respondents identified a strong connection between cyber and business impact—with 86% reporting that cyber initiatives made a significant, positive contribution on at least one key business priority. And most organizations are looking to build on that value proposition, with 58% planning to increase their cyber investment in the next year. Despite cyber’s potential as a business enabler, the ability to leverage it effectively can be inconsistent across organizations.
As part of this year’s survey, Deloitte identified high performing, cyber-mature organizations based on their level of cyber planning, their engagement on cyber at the board level, and the level of strategic action they have taken on cyber. Among the organisations considered for the survey, 38% have a low cyber maturity level, 41% a medium level and 21% a high level. The respective maturity level is determined on the basis of three criteria:
The highest-performing organizations also were more likely to report positive contributions from their cyber initiatives in areas such as:
As part of our latest Global Future of Cyber survey, we asked about the role that cyber plays in each of these leading digital transformation initiatives (Figure 1). The results are clear: executives see cyber playing a crucial role for all digital transformation priorities, especially when it comes to:
Even as the organization’s focus shifts to the positive benefits and long-term business value that cyber readiness can bring, it is important to keep sight of cyber’s core ability to counter cyber threats, mitigating negative business consequences and risks. The frequency of cyber incidents or breaches has remained steady, with 91% of organizations reporting at least one.
Meanwhile, operational disruption continues to be the most significant impact of cyber incidents, although loss of revenue and loss of customer trust jumped in the rankings—to second and third place—with 56% of respondents reporting that they suffered related consequences to a moderate or large extent (Figure 2).