Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte

Report Shows Major Disconnect Between Cybersecurity and Cyber Everywhere in Digital Transformation

In order to survive and thrive in the future, companies around the world are adopting digital transformation as part of the fourth industrial revolution. It is leading to a new ‘cyber everywhere’ environment where digital technology encompasses the business, its employees, its workspaces, its production facilities and the products it makes — and, of course, the Internet.

Deloitte queried 500 C-level security leaders (100 CISOs, CSOs, CTOs, CIOs and CROs) to examine whether companies are taking advantage of the opportunities — and accounting for the dangers — inherent in this new cyber everywhere world. It came away encouraged in some areas, but with the overall conviction that companies are not yet doing everything they need to do. For example, it concludes that organizations are tackling various aspects of security, such as data, application, identity, infrastructure and response, but are not doing so well in aligning cyber initiatives to executive management’s digital transformation priorities.

The result, suggests Irfan Saif, cyber innovation leader and principal in Deloitte Risk and Financial Advisory at Deloitte & Touche LLP, is that “With finite budgets and resources, and lack of prioritization by executive management, organizations are going to be tested to keep up with the cyber demands of digital transformation.”

One encouraging result from the survey is that 43% of surveyed CISOs indicate that they report directly to the CEO. The security reporting structure remains a contentious issue. Traditionally CISOs have reported to the CIO; but as cybersecurity has become both more important and more complex, there is an increasing demand that it should be stand-alone. 

“This is an important shift to note, as access and influence are imperative in helping executives prioritize and understand what is needed to propel the enterprise forward in the realm of cyber everywhere,” comments Deloitte. Nevertheless, it finds the figure somewhat surprising. In its own experience among its own customers, this figure would be nearer 20%.

One area where cybersecurity everywhere shows that it may not yet be receiving the priority it should is on the board. Almost half of the respondents indicated their company has cybersecurity on the board agenda at least quarterly. While this is good, and indicates an improving environment, it is still well short of optimum. It equally indicates that half of the organizations do not consider security to be worth automatic discussion on at least a quarterly basis. With digital transformation and cyber everywhere it could be argued that security should be a constant on board agendas; but only 4% of the respondents indicated that it was a monthly topic.

Deloitte likens the process of digital transformation to trying to build a new plane while already flying it. “Executive management,” it says, “will need to reconsider how they achieve their business outcomes, reengineer strategies for addressing cyber risk, and create new ‘flight plans’ without skipping an operational beat. With each evolving challenge will come extraordinary opportunity.”

It remains concerned, however, that organizations are not doing all they can to avoid skipping that operational beat. According to the survey respondents, only 14% of cyber budgets are allocated to securing transformation efforts. And the long-experienced disconnect between existing cyber security and business will likely increase with cyber everywhere — less than 20 percent of organizations currently have security liaisons embedded within business units to foster greater collaboration, innovation and security.

“There’s a whole new way of thinking that has to occur with how organizations are going to achieve their business outcomes, and that is with a cyber everywhere mindset,” comments Deloitte’s advise and implement leader, Emily Mossburg. “What surprised me most about the survey findings was how nascent this concept is in adoption.”

Deloitte draws five conclusions from its survey. Firstly, cyber requires more executive attention, budget, prioritization, people, tools, processes, governance, and overall collective thought than it currently gets.

Secondly, it needs a leader with the authority to drive change. Whether that is a business-savvy CISO or CIO, or a cyber-savvy business leader isn’t specified — the key point is the authority to drive change.

Thirdly, cyber will require organizations to become nimbler, more flexible, and more collaborative as they work to secure their organizations, their employees, their customers, and partners.

Fourthly, data complexities will continue to challenge many organizations, and solutions will need to be found.

And finally, automation, speed, and insights will power the future of cyber.

“As organizations embrace digital transformation and are shifting to the cloud, simplifying technology infrastructure and outsourcing workload to third parties,” warns Mossburg, “they are also expanding their cyber risk. Cyber will become more prolific across systems, platforms, and people — employees, customers, and partners — and enterprise leadership has to correlate all of that to stay ahead of the adversary and protect the organization’s most valuable assets.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
