Where cybersecurity maturity meets confidence in C-suite and board leadership

As organizations continue to invest in and deploy advanced technologies like generative AI across business functions, proactively embedding cybersecurity measures becomes even more critical. In Deloitte Global’s fourth Global Future of Cyber survey, fielded in mid-2024, nearly 1,200 cyber decision-makers across 43 countries and six industries weighed in on actions their organizations are taking to align cybersecurity measures with broader tech-driven programs and digital business transformation efforts as they seek to enhance cybersecurity maturity.

Overall, respondents from organizations that have made the most progress report higher levels of confidence in their leaders’ ability to oversee cybersecurity risk. Just over half (52%) of all respondents are “very confident” in the C-suite’s and board’s ability to adequately navigate cybersecurity. Additionally, respondents from organizations with “high-cyber-maturity”— where cyber strategy is deeply integrated into strategic planning and technology investment, and where it’s widely seen as a business imperative—are much more confident in their leaders’ ability. Among these respondents, 82% say they are “very confident” that their C-suite and board are adequately navigating cybersecurity—30 percentage points above moderate maturity and more than 40 percentage points above low maturity counterparts.

In these high-cyber-maturity organizations, the chief information security officer and other cybersecurity leaders are reportedly being called in as experts to help guide investments in cloud-driven business initiatives, AI-enabled activities, enterprise resource planning modernization, and other digital transformation priorities. They are also involved in strategic conversations related to digital transformation. (For more on the role of the CISO: “Has the CISO finally been accepted as a key strategic player?”)

The survey also revealed that high-cyber-maturity organizations are more likely to be attuned to potential risks related to gen AI. Leaders in these organizations report they are closely monitoring gen AI-related threats, with about 80% identifying four primary risks they believe will impact their cybersecurity strategies: lack of explainability in gen AI outputs, information integrity issues stemming from gen AI algorithms, challenges in developing effective controls related to AI-human collaboration, and data poisoning—where attackers manipulate training data to influence gen AI outputs. As organizations consider automating more processes and sharing data with vendors, suppliers, and other collaborators, their digital ecosystems grow more complex—and so do the opportunities for cyber attackers. Staying ahead of these potential risks may become a defining trait of cyber-mature organizations.

Fostering strong cybersecurity connections can help organizations enhance collaboration, information-sharing, and decision-making related to cybersecurity. It can also help leaders make informed strategic decisions that align with business objectives and help them mitigate cyber risks more effectively. Organizations that prioritize cybersecurity and build strong cybersecurity connections may be better positioned to protect their assets, reputation, and resilience in an increasingly digital world.

Read the full report.