Connect with us

Hi, what are you looking for?


Risk Management

Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte

Report Shows Major Disconnect Between Cybersecurity and Cyber Everywhere in Digital Transformation

Report Shows Major Disconnect Between Cybersecurity and Cyber Everywhere in Digital Transformation

In order to survive and thrive in the future, companies around the world are adopting digital transformation as part of the fourth industrial revolution. It is leading to a new ‘cyber everywhere’ environment where digital technology encompasses the business, its employees, its workspaces, its production facilities and the products it makes — and, of course, the Internet.

Deloitte queried 500 C-level security leaders (100 CISOs CSOs, CTOs, CIOs and CROs) to examine whether companies are taking advantage of the opportunities — and accounting for the dangers — inherent in this new cyber everywhere world. It came away encouraged in some areas, but with the overall conviction that companies are not yet doing everything they need to do. For example, it concludes that organizations are tackling various aspects of security, such as data, application, identity, infrastructure and response, but are not doing so well in aligning cyber initiatives to executive management’s digital transformation priorities.

Deloitte Logo

The result, suggests Irfan Saif, cyber innovation leader and principal in Deloitte Risk and Financial Advisory at Deloitte & Touche LLP, is that “With finite budgets and resources, and lack of prioritization by executive management, organizations are going to be tested to keep up with the cyber demands of digital transformation.”

One encouraging result from the survey is that 43% of surveyed CISOs indicate that they report directly to the CEO. The security reporting structure remains a contentious issue. Traditionally CISOs have reported to the CIO; but as cybersecurity has become both more important and more complex, there is an increasing demand that it should be stand-alone. 

“This is an important shift to note, as access and influence are imperative in helping executives prioritize and understand what is needed to propel the enterprise forward in the realm of cyber everywhere,” comments Deloitte. Nevertheless, it finds the figure somewhat surprising. In its own experience among its own customers, this figure would be nearer 20%.

One area where cybersecurity everywhere shows that it may not yet be receiving the priority it should is on the board. Almost half of the respondents indicated their company has cybersecurity on the board agenda at least quarterly. While this is good, and indicates an improving environment, it is still well short of optimum. It equally indicates that half of the organizations do not consider security to be worth automatic discussion on at least a quarterly basis. With digital transformation and cyber everywhere it could be argued that security should be a constant on board agendas; but only 4% of the respondents indicated that it was a monthly topic.

Advertisement. Scroll to continue reading.

Deloitte likens the process of digital transformation to trying to build a new plane while already flying it. “Executive management,” it says, “will need to reconsider how they achieve their business outcomes, reengineer strategies for addressing cyber risk, and create new ‘flight plans’ without skipping an operational beat. With each evolving challenge will come extraordinary opportunity.”

It remains concerned, however, that organizations are not doing all they can to avoid skipping that operational beat. According to the survey respondents, only 14% of cyber budgets are allocated to securing transformation efforts. And the long experienced disconnect between existing cyber security and business will likely increase with cyber everywhere — less than 20 percent of organizations currently have security liaisons embedded within business units to foster greater collaboration, innovation and security.

“There’s a whole new way of thinking that has to occur with how organizations are going to achieve their business outcomes, and that is with a cyber everywhere mindset,” comments Deloitte’s advise and implement leader, Emily Mossburg. “What surprised me most about the survey findings was how nascent this concept is in adoption.”

Deloitte draws five conclusions from its survey. Firstly, cyber requires more executive attention, budget, prioritization, people, tools, processes, governance, and overall collective thought than it currently gets.

Secondly, it needs a leader with the authority to drive change. Whether that is a business-savvy CISO or CIO, or a cyber-savvy business leader isn’t specified — the key point is the authority to drive change.

Thirdly, cyber will require organizations to become nimbler, more flexible, and more collaborative as they work to secure their organizations, their employees, their customers, and partners.

Fourthly, data complexities will continue to challenge many organizations, and solutions will need to be found.

And finally, automation, speed, and insights will power the future of cyber.

“As organizations embrace digital transformation and are shifting to the cloud, simplifying technology infrastructure and outsourcing workload to third parties,” warns Mossburg, “they are also expanding their cyber risk. Cyber will become more prolific across systems, platforms, and people — employees, customers, and partners — and enterprise leadership has to correlate all of that to stay ahead of the adversary and protect the organization’s most valuable assets.”

Related: Digital Transformation Presents Both Reward and Risk 

Related: Surviving Your Digital Transformation 

Related: Cybersecurity, Compliance Slowing U.S. Government’s Digital Transformation 

Related: A Pragmatic Approach to Your Digital Transformation Journey 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.