A New Era of Cyber
An Integration of Cybersecurity into Digital Transformation Strategies and Budgeting
Parichart Jiravachara, Cyber Partner, Technology & Transformation, Deloitte Thailand
Pongbodin Amarinthnukrowh, Senior Consultant, Growth, Deloitte Thailand
As artificial intelligence (AI) and emerging technologies continue to evolve at a rapid pace, cyber threats have become increasingly sophisticated—introducing new business complexities and risks for organizations around the globe. Alarmingly, the frequency and severity of cybersecurity breaches have surged, with a growing number of companies reporting incidents over the past year.
This escalating threat landscape highlights the rising importance of cybersecurity and the urgent need for organizations to achieve cyber maturity—the ability to effectively prevent, detect, and respond to cyberattacks. However, reaching this level of maturity is no easy feat. Learning from organizations that have successfully attained high levels of cyber maturity can offer valuable guidance and benchmarks. As stewards of enterprise value and strategic investment, Chief Financial Officers (CFOs) are uniquely positioned to champion cybersecurity not only as a cost center, but as a value enabler.
In late 2024, Deloitte conducted a global survey of nearly 1,200 leaders across a range of industries to understand their perspectives on cybersecurity, enterprise operations, and future priorities. The findings reveal a fundamental shift in mindset: among high-cyber-maturity organizations, 83% view cybersecurity not as a reactive function, but as a proactive and strategic component of their business, technology, and operations. Moreover, over 80% of respondents in these organizations reported integrating privacy considerations early in the product development cycle—laying the foundation for stronger digital trust and more robust data protection.
As cybersecurity becomes more tightly woven into business strategy, spending in this area is rising and increasingly integrated with broader digital initiatives—such as IT modernization, cloud migration, and enterprise transformation. On average, respondents report annual IT spending between US$147 million and US$266 million, with approximately 19% (US$39 million) allocated to cybersecurity. Over the next 12 to 24 months, this is expected to grow by an additional 3%.
While investments in cybersecurity are increasing, the returns are becoming more evident as well. High-cyber-maturity organizations report a range of tangible business benefits, including greater organizational resilience (76%), improved threat detection and response (74%), and stronger protection of intellectual property (74%)—far outpacing the outcomes reported by their lower-maturity counterparts.
Given this strong correlation between cybersecurity and business value, a critical question emerges: Are Thai organizations ready to embed cybersecurity into their digital strategies and budgets? To explore this, Deloitte Thailand conducted a national study between September 2024 and January 2025, comprising a quantitative survey and in-depth interviews with 334 C-suite executives. The research aimed to uncover how Thai business leaders perceive and approach digital transformation. Notably, the study found that nearly 44% of Thai firms are currently in the “Doing Digital” phase—leveraging digital tools to enhance their business, operating, and customer models.
When it comes to digital transformation budgets, Thai companies primarily focus on initiatives that deliver immediate operational improvements (39%), followed by efforts to enhance customer experience (32%) and explore new business models (29%). These findings reflect a growing recognition that digital transformation is central to business performance—and CFOs must now take a more active role in aligning digital investments with broader corporate objectives. But this leads to an important next question: How is digital transformation connected to cybersecurity?
As digital transformation has become a critical driver of business performance—not merely a choice but a necessity—it is vital to understand the key barriers preventing Thai organizations from realizing its full potential. Our research identifies several major challenges: a lack of expertise (35%), insufficient budget and resources (34%), legacy IT systems that hinder the adoption of new technologies (31%), and concerns around data privacy and security (28%). These are not just obstacles; they are foundational elements that must be addressed to enable successful digital transformation. Without tackling these core issues, organizations risk falling short of achieving meaningful and scalable digital progress.
This is where CFO leadership becomes indispensable. CFOs should recognize that the core enablers of digital transformation—including cybersecurity—are not solely IT concerns, but business-critical priorities that require strategic alignment across all departments and levels of the organization. To move forward effectively, organizations need to foster stronger collaboration, open information-sharing, and integrated decision-making. CFOs play a pivotal role in driving this change by ensuring cybersecurity and digital initiatives are not siloed, but embedded into broader business planning and budgeting processes. Moreover, cybersecurity, digital transformation, and overall business administration budgets should become more unified. CFOs may consider challenging other departments to proactively include digital transformation and cybersecurity in their funding plans. This integrated approach not only improves efficiency but also ensures that all stakeholders are aligned—understanding the strategic importance of digital investments and working collectively toward common goals.
In short, in today’s hyper-digital world, cybersecurity is no longer optional—it is deeply related to digital transformation and thus become foundational. CFOs must lead the charge in integrating it into broader digital and business strategies. By doing so, they can help their organizations build resilience, unlock value, and thrive in a rapidly changing risk environment.
Reference:
