The world is increasingly interconnected, bringing about new risks alongside the new growth opportunities. Digital technologies, exponential growth of data, and evolving business needs are expanding attack threat surfaces and bringing new challenges that elevate cyber as a strategic business issue. Collaboration across cyber, risk management, and business units is critical to neutralizing cyberthreats, protecting business value, and sustaining customer trust.

This year’s global survey—Deloitte’s largest cyber survey to date— polled leaders across industries in order to get a clearer picture of where cyber stands and where it is going. What we discovered is that cyber’s profile as an enabler is growing. Among organizations of all sizes, cyber is consistently earning a place on the agenda, becoming a focal point for business-critical initiatives and investment.

The study shows that decision-makers recognise the high importance of cyber for their company or institution. However, the cyber experts interviewed also see numerous challenges in the effective implementation of cyber measures. Therefore, the study not only analyses the current status, but also provides an outlook on the future of cyber security.

Cyber beyond

Cyber as a business priority is becoming more evident at the board level. In this year’s survey, 70% of respondents reported that cyber was on their board’s agenda on a regular basis, either monthly or quarterly. An overwhelming majority of survey respondents identified a strong connection between cyber and business impact—with 86% reporting that cyber initiatives made a significant, positive contribution on at least one key business priority. And most organizations are looking to build on that value proposition, with 58% planning to increase their cyber investment in the next year. Despite cyber’s potential as a business enabler, the ability to leverage it effectively can be inconsistent across organizations.

As part of this year’s survey, Deloitte identified high performing, cyber-mature organizations based on their level of cyber planning, their engagement on cyber at the board level, and the level of strategic action they have taken on cyber. Among the organisations considered for the survey, 38% have a low cyber maturity level, 41% a medium level and 21% a high level. The respective maturity level is determined on the basis of three criteria:

1. Robust cyber planning, indicated by the presence of strategic, operational, and tactical plans to defend against and respond to cyber threats
2. Key cyber activities, such as qualitative and quantitative risk assessment, industry benchmarking, and incident response scenario planning
3. Effective board engagement, exemplified by organizations whose boards address cyberrelated issues on a regular basis
   

The highest-performing organizations also were more likely to report positive contributions from their cyber initiatives in areas such as:

• improved brand reputation (64%) and improved customer trust and brand impact (62%)
• increased revenue (47%)
• improved operational stability involving the supply chain and partner ecosystem (59%)
• talent recruitment and retention (49%)

Cyber in the spotlight

As part of our latest Global Future of Cyber survey, we asked about the role that cyber plays in each of these leading digital transformation initiatives (Figure 1). The results are clear: executives see cyber playing a crucial role for all digital transformation priorities, especially when it comes to:

• Cloud
• Data analytics
  
• 5G
• Artificial Intelligence/Cognitive Computing
• Operational Technology/Industrial Control Systems

Key insights to shape the future of cyber: Five areas of focus