Deloitte survey finds businesses are not equipped
- October 24, 2019
With the fourth industrial revolution driving change and digitalisation at an exciting pace, the Deloitte’s 2019 Future of Cyber survey has found that there are notable gaps in organisations’ abilities to meet cybersecurity demands for the future. New markets are being created and with every innovation the world becomes more and more digitally connected. Cyber is growing and moving in multiple dimensions across multiple disciplines—beyond an organisation’s perimeter and IT environments, permeating the products it creates, the factories where it makes them, the spaces where its employees conceive them, and where its customers use them. Cyber is at the centre of digital transformation.
Findings of the Deloitte survey indicate that many cyber organisations are challenged by their ability to prioritise cyber risk across the enterprise (16 percent), followed closely behind by lack of management alignment on priorities and adequate funding, each at 15 percent.
“Cyber leaders today are focused on digital transformation as a catalyst for change for both the greater enterprise and their cyber agendas. The good news is the survey results show that organisations are no longer taking a wait-and-see philosophy to preparing for and responding to cyber incidents”, says Deloitte Africa Risk Advisory Cyber leader Eric Mc Gee, “There is a whole new way of thinking that is starting to occur with how organisations are going to achieve their business outcomes, and that is with a cyber everywhere mindset.”
Findings from the 500 C-suite cybersecurity executives surveyed also suggested that there is still much work to do in aligning cyber initiatives to executive management’s digital transformation priorities. There is a real gap that must be bridged, with finite budgets and resources as well as a lack of prioritisation by executive management. The overall consensus was that many organisations aren’t fully equipped to efficiently and effectively tackle today’s cyber demands.
Findings of the Future of Cyber survey include:
- 43 percent of surveyed CISOs indicated they report directly to the CEO. This is consistent across the total survey population where 32 percent of respondents indicated the CISO reported to the CEO, with only 19 percent indicating that the role reported to the CIO. In Deloitte’s experience facilitating hundreds of CISO transformation labs over the past five years and through informal collection of data, nearly 80 percent of CISOs report to a CIO or CSO. This indication that CISOs are, in fact, directly reporting to a CEO is quite encouraging but counter to Deloitte’s experience.
- Half of organisations (49 percent) have cybersecurity on their board agenda at least quarterly. On the other hand, half of boards are not discussing cyber as often as they should. More concerning is that only 4 percent of respondents say cybersecurity is on the agenda once a month.
- While organisations are prioritising digital transformation, only 14 percent of cyber budgets are allocated to provide for cybersecurity in transformation efforts.
- Less than 20 percent of organisations have security liaisons embedded within business units to foster greater collaboration, innovation, and security.
- Organisations are turning to third parties to manage certain functions of their cyber operations. According to 65 percent of the CISOs surveyed, 21-30 percent of total cyber operations are outsourced, with nearly half (48 percent) of CISOs selecting insider threat detection as a top function that they turn to third parties to manage.
- There’s a disconnect between the majority (85 percent) of the survey respondents who indicate that they are using Agile/DevOps in application development and then ranking DevSecOps lowest (11 percent) on the cyber defence priorities and investments areas, which may explain why 90 percent of organisations surveyed experienced disclosures of sensitive production data within the past year.
- Data integrity (35 percent) was the top-ranked cybersecurity threat respondents were most concerned about followed by unintended actions of well-meaning employees (32 percent) resulting in a negative event and then followed by technical vulnerabilities (31 percent).
“The aim of this survey report is to put the numbers into context and to expand the dialogue and acceptance of cyber everywhere so that organisations are not limited by it but empowered to embrace the opportunities it will create,” says Mc Gee.
As organisations embrace digital transformation and shift to the cloud increasing the complexity of technology infrastructure and outsourcing workloads to third parties, they are also expanding their cyber risk. Cyber will become more prolific across systems, platforms, and people — employees, customers, and partners. Deloitte notes that enterprise leadership will have to correlate all of that to stay ahead of the adversary and protect the organisation’s most valuable assets.
The Deloitte 2019 Future of Cyber Survey, in conjunction with Wakefield Research, polled 500 C-level executives who oversee cybersecurity at companies with at least $500 million in annual revenue including 100 CISOs, 100 CSOs, 100 CTOs, 100 CIOs, and 100 CROs between January 9, 2019, and January 25, 2019, using an online survey.
Also have a look at Cybersecurity trends in South Africa.