Analysis
Global Future of Cyber Survey 2023
Building long-term value by putting cyber at the heart of the business
Cyber has become foundational to business. Just as cyber threats shifted from an IT problem to a business problem, we also now see a shift in cyber strategies from IT to the business—ultimately to support strategic business objectives and growth. And the connection between cyber and value—impact—is coming into sharper focus. The results of the Global Future of Cyber Survey 2023, for which Deloitte conducted a global survey with over 1,000 global c-suite executives reinforce the importance of cyber as a critical success factor for all business areas.
The world is increasingly interconnected, bringing about new risks alongside the new growth opportunities. Digital technologies, exponential growth of data, and evolving business needs are expanding attack threat surfaces and bringing new challenges that elevate cyber as a strategic business issue. Collaboration across cyber, risk management, and business units is critical to neutralizing cyberthreats, protecting business value, and sustaining customer trust.
This year’s global survey—Deloitte’s largest cyber survey to date— polled leaders across industries in order to get a clearer picture of where cyber stands and where it is going. What we discovered is that cyber’s profile as an enabler is growing. Among organizations of all sizes, cyber is consistently earning a place on the agenda, becoming a focal point for business-critical initiatives and investment.
The study shows that decision-makers recognise the high importance of cyber for their company or institution. However, the cyber experts interviewed also see numerous challenges in the effective implementation of cyber measures. Therefore, the study not only analyses the current status, but also provides an outlook on the future of cyber security.
Cyber beyond
Cyber as a business priority is becoming more evident at the board level. In this year’s survey, 70% of respondents reported that cyber was on their board’s agenda on a regular basis, either monthly or quarterly. An overwhelming majority of survey respondents identified a strong connection between cyber and business impact—with 86% reporting that cyber initiatives made a significant, positive contribution on at least one key business priority. And most organizations are looking to build on that value proposition, with 58% planning to increase their cyber investment in the next year. Despite cyber’s potential as a business enabler, the ability to leverage it effectively can be inconsistent across organizations.
As part of this year’s survey, Deloitte identified high performing, cyber-mature organizations based on their level of cyber planning, their engagement on cyber at the board level, and the level of strategic action they have taken on cyber. Among the organisations considered for the survey, 38% have a low cyber maturity level, 41% a medium level and 21% a high level. The respective maturity level is determined on the basis of three criteria:
- Robust cyber planning, indicated by the presence of strategic, operational, and tactical plans to defend against and respond to cyber threats
- Key cyber activities, such as qualitative and quantitative risk assessment, industry benchmarking, and incident response scenario planning
- Effective board engagement, exemplified by organizations whose boards address cyberrelated issues on a regular basis
The highest-performing organizations also were more likely to report positive contributions from their cyber initiatives in areas such as:
- improved brand reputation (64%) and improved customer trust and brand impact (62%)
- increased revenue (47%)
- improved operational stability involving the supply chain and partner ecosystem (59%)
- talent recruitment and retention (49%)
Cyber in the spotlight
As part of our latest Global Future of Cyber survey, we asked about the role that cyber plays in each of these leading digital transformation initiatives (Figure 1). The results are clear: executives see cyber playing a crucial role for all digital transformation priorities, especially when it comes to:
- Cloud
- Data analytics
- 5G
- Artificial Intelligence/Cognitive Computing
- Operational Technology/Industrial Control Systems
Figure 1: Cyber in the spotlight
Cyber is expected to play a leading role in companies' digital transformation initiatives (Percentages may not add up to 100% due to rounding.)
Even as the organization’s focus shifts to the positive benefits and long-term business value that cyber readiness can bring, it is important to keep sight of cyber’s core ability to counter cyber threats, mitigating negative business consequences and risks. The frequency of cyber incidents or breaches has remained steady, with 91% of organizations reporting at least one.
Meanwhile, operational disruption continues to be the most significant impact of cyber incidents, although loss of revenue and loss of customer trust jumped in the rankings—to second and third place—with 56% of respondents reporting that they suffered related consequences to a moderate or large extent (Figure 2).
Figure 2: Feeling the pain
Cyber incidents and breaches are resulting in the following negative consequences for organizations (Based on frequency of top 2 ranking 2021, top 2 box selection in 2023)
Key insights to shape the future of cyber: Five areas of focus
1. Multidirectional engagement
High-performing organizations engage the entire organization in cyber activities. While high-maturity organizations, by definition, leverage more cyber leading practices than their medium- and low-maturity counterparts, the disparities in organizational engagement are among the starkest.
2. Criticality to digital transformation initiatives
High-maturity organizations are much more likely to value cyber as central to key digital transformation priorities. Adoption of these digital transformation priorities is essential to ensuring operational agility and business success. But each carries significant cyber risks, and high-maturity organizations may be especially attuned to that reality. For example, AI can be an enabler of cyber strategies and companies’ digital business ambitions, but it also introduces the potential for cyber risk that can come with any digital technology.
3. Robust planning
Planning is proving to be paramount for creating cyber strategies that effectively mitigate risk and drive business value. And the high-performing organizations identified in this report appear to be abundantly aware of planning’s importance. Highly cyber-mature organizations are more likely to have robust plans in place.
4. Appreciating and investing in talent
Cyber issues and activities are ultimately about people. Strong talent—in the form of people who are skilled, experienced, and cyber-focused—is a prerequisite for strong performance. Looking beyond traditional talent profiles has become crucial for securing the right people to drive cyber initiatives. Overall, high-maturity organizations appreciate the importance that experienced talent can bring to cyber efforts, and they are taking meaningful steps to retain valuable talent.
5. A diverse ecosystem of tools and services
As they look to lead in the future of cyber, high maturity organizations are acutely aware that they cannot do it alone. They must rely on an extended ecosystem of technologies, capabilities, and external offerings to create future-facing cyber capabilities that can also support business value. While deploying tools and services increases cyber readiness, it also creates a need for strong ecosystem planning, management, and operations.
So where do we go from here?
- The days of “cyber as an afterthought” are gone.
- New technological capabilities will be more effective when strong cyber strategies are part of the picture.
- Emerging technologies will bring along with them innovative solutions that can support future business models—but they also present unforeseen challenges on the cyber front.