Increasing cyber threat calls for strengthening of CISO role and active board involvement

Rotterdam, 25 October 2024

In the survey, Deloitte categorised organisations based on their cyber maturity. High-cyber-maturity organisations have a robust cybersecurity planning, effective board engagement, implementation of key cybersecurity activities, and deployment of artificial intelligence (AI) capabilities within their cybersecurity programmes. This year's survey highlights the urgency of cybersecurity, with 25% of high-cyber-matururity organisations reporting 11 or more incidents last year, an increase of 7% compared to 2023.

The survey highlights that the CISO's influence is growing across an increasingly cyber-savvy C-suite. With the rapid acceleration of AI-generated threats, exploiting vulnerabilities by impersonating trusted sources, their role is more important than ever. At the same time, while the CISO's expertise is increasingly important, organisations leverage novel AI solutions to ease the cybersecurity burden. For example, organisations use AI to monitor their digital infrastructure, advanced simulations and automated monitoring of networks, detect anomalies and respond to cyber threats, among other things.

• Roughly one-third of respondents said CISO involvement had significantly increased in the past year when it came to strategic conversations about technology capabilities.
• Over the last decade CISOs have traditionally reported to the chief information officer (CIO), however they are increasingly gaining the ear and trust of CEOs, as 20% of decision-makers revealed their CISOs now report directly to their CEO.
• Cybersecurity plays a large role in securing an organisation's investment in tech capabilities, particularly when it comes to the priority areas such as cloud (48%), generative AI (41%), and data analytics (41%).
• On average, 39% of respondents are using AI capabilities in their cybersecurity programmes to a large extent.

 "The rise of AI and other evolving technologies has significantly transformed the threat landscape. As threats become more sophisticated and impactful to core business, CISOs are increasingly required to adopt a more strategic role driving cross business risk prioritisation and mitigation,” says Emily Mossburg, Deloitte Global Cyber Leader. "The close relationship between CISOs and CEOs is a testament to the role security plays in a business's long-term success. Today, CISOs are not only protectors against outside threats, but key players helping their organisation find success by integrating cyber considerations into the strategic decision-making process."

Organisations continue to embrace cyber as an essential component of their enterprise tech stack, budgeting strategies and future business plans. They increasingly rely on technology-driven initiatives to drive growth and innovation. The report finds that C-level recognises the potential of cyber.

• The top expected outcomes from cybersecurity initatives are protecting intellectual property (46%) and improving threat detection and response (44%).
• Overall, 83% of respondents identify qualitative risk assessments and benchmarking as essential to their cyber strategy.
• In addition, 58% of respondents expect to begin integrating cybersecurity spending with digital transformation, IT and cloud budgets.

The findings of the Future of Cyber report show that cybersecurity is essential for building trust and growth in a tech-powered future. Organisations need to invest in cyber talent, digital planning and collaboration with partners, and truly incorporate cyber into their strategic business initiatives.

Methodology

The fourth edition of Deloitte Global's Global Future of Cyber Survey focuses on the complex business and technology landscape. The report is based on a survey of nearly 1,200 cyber decision-makers across 43 countries and 6 industries, limited to organisations with at least 1,000 employees and an annual revenue of US$500 million.