Deloitte Global future of cyber Survey has Indicated that many organisations aren’t positioned for success in tackling cyber demands.
The report highlights the dissonance between what organisations aspire to versus the current reality of their cyber posture. Also, Deloitte findings revealed that lack of cyber talent, budget, and operational alignment is key.
The fourth industrial revolution is driving change and digitalisation at an exciting pace. New markets are being created and with every innovation the world becomes more and more digitally connected.
Cyber is growing and moving in multiple dimensions across multiple disciplines—beyond an organisation’s perimeter and IT environments, permeating the products it creates, the factories where it makes them, the spaces where its employees conceive them, and where its customers use them. Cyber is at the centre of digital transformation.
According to Deloitte’s 2019 Future of Cyber survey, there are notable gaps in organisations’ abilities to meet cybersecurity demands for the future.
Findings indicate that many cyber organisations are challenged by their ability to prioritise cyber risk across the enterprise (16 per cent), followed closely behind by lack of management alignment on priorities and adequate funding, each at 15 per cent.
“Cyber leaders today are focused on digital transformation as a catalyst for change for both the greater enterprise and their cyber agendas.
The good news is the survey results show that organisations are no longer taking a wait-and-see philosophy to preparing for and responding to cyber incidents”, says Deloitte Africa Risk Advisory Cyber leader Eric Mc Gee, “There is a whole new way of thinking that is starting to occur with how organisations are going to achieve their business outcomes, and that is with a cyber everywhere mindset.”
Findings from the 500 C-suite cybersecurity executives surveyed also suggested that there is still much work to do in aligning cyber initiatives to executive management’s digital transformation priorities.
There is a real gap that must be bridged, with finite budgets and resources as well as a lack of prioritisation by executive management. The overall consensus was that many
organisations aren’t fully equipped to efficiently and effectively tackle today’s cyber demands.
Findings of the Future of Cyber survey include:
READ ALSO: Deloitte Africa Honoured For Efforts Towards Increasing Representation Of Women
- 43 per cent of surveyed CISOs indicated they report directly to the CEO. This is consistent across the total survey population where 32 per cent of respondents indicated the CISO reported to the CEO, with only 19 per cent indicating that the role reported to the CIO. In Deloitte’s experience facilitating hundreds of CISO transformation labs over the past five years and through informal collection of data, nearly 80 per cent of CISOs report to a CIO or CSO. This indication that CISOs are, in fact, directly reporting to a CEO is quite encouraging but counter to Deloitte’s experience.
- Half of organisations (49 per cent) have cybersecurity on their board agenda at least quarterly. On the other hand, half of the boards are not discussing cyber as often as they should. More concerning is that only 4 per cent of respondents say cybersecurity is on the agenda once a month.
- While organisations are prioritising digital transformation, only 14 per cent of cyber budgets are allocated to provide for cybersecurity in transformation efforts.
- Less than 20 per cent of organisations have security liaisons embedded within business units to foster greater collaboration, innovation, and security.
- Organisations are turning to third parties to manage certain functions of their cyber operations. According to 65 per cent of the CISOs surveyed, 21-30 per cent of total cyber operations are outsourced, with nearly half (48 per cent) of CISOs selecting insider threat detection as a top function that they turn to third parties to manage.
- There’s a disconnect between the majority (85 percent) of the survey respondents who indicate that they are using Agile/DevOps in application development and then ranking DevSecOps lowest (11 per cent) on the cyber defence priorities and investments areas, which may explain why 90 per cent of organisations surveyed experienced disclosures of sensitive production data within the past year.
- Data integrity (35 per cent) was the top-ranked cybersecurity threat respondents were most concerned about followed by unintended actions of well-meaning employees (32 per cent) resulting in a negative event and then followed by technical vulnerabilities (31 per cent).
“The aim of this survey report is to put the numbers into context and to expand the dialogue and acceptance of cyber everywhere so that organisations are not limited by it but empowered to embrace the opportunities it will create,” says Mc Gee.
As organisations embrace digital transformation and shift to the cloud increases the complexity of technology infrastructure and outsourcing workloads to third parties, they are also expanding their cyber risk. Cyber will become more prolific across systems, platforms, and people — employees, customers, and partners. Deloitte notes that enterprise leadership will have to correlate all of that to stay ahead of the adversary and protect the organisation’s most valuable assets.
Methodology
The Deloitte 2019 Future of Cyber Survey, in conjunction with Wakefield Research, polled 500 C-level executives who oversee cybersecurity at companies with at least $500 million in annual revenue including 100 CISOs, 100 CSOs, 100 CTOs, 100 CIOs, and 100 CROs between January 9, 2019, and January 25, 2019, using an online survey.
