2020

Consumer Cyber Survey

In Deloitte’s Consumer Cyber Survey, we assess Danish consumer businesses’ cyber resiliency and maturity level and shed light on how the current cyber landscape looks like. Read the full report in the sections below.

Editorial

During the last few years, consumer businesses have been in for a rude awakening in terms of cybersecurity.

From strict regulations, such as the European General Data Protection Regulation (GDPR) to crippling cyber-attacks, including the infamous NotPetya, it has been necessary for businesses to change their understanding of what it takes to stay ahead of the curve in cyber. It is yet to be seen whether these events have brought any meaningful change to the industry. This survey aims to provide a sneak peek.

In this survey, we focus on the consumer businesses in Denmark and especially the sector's ability to respond to the ever-increasing cybersecurity regulation and threats. Our study uncovers three major trends that may shed some light:

There is increased awareness of cybersecurity. It is no surprise that consumer businesses are more alert to cyber-attacks with several high-profile incidents reported in recent times. This has led to increased senior management attention to cybersecurity; yet, this seems to be a temporary interest linked to news coverage rather than a lasting, true understanding of the underlying problem.

There is also increased confidence, which may be misleading. With increased awareness, we have also seen an increase in self-confidence in terms of consumer companies’ perception of their cyber capabilities, e.g. how close they are to an ideal setup. This is surprising, given that several attacks have only recently exposed the same companies’ lack of preparedness and low maturity regarding the subject. We urge companies to be mindful of this false sense of security.

There are still several low-hanging fruits available for improvement. Similar to our survey on the public sector, there are several fundamental solutions that Danish consumer companies can implement to improve their cyber resiliency. These are “no regrets” capabilities that we expect every company to implement to a certain degree to firmly establish their security baseline.

In summary, it seems that Danish consumer companies have learned from regulations and cyber-attacks in the past few years but are yet to implement meaningful change for a lasting effect. What is alarming is the increasing self-confidence, which may be the result of increased awareness rather than actual cyber capability.

We hope you find this survey interesting. Please do not hesitate to contact us if you would like further information.

Methodology

The 2020 Consumer Cyber Survey is based on 74 quantitative CATI interviews with Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and cybersecurity managers employed with Danish consumer businesses. In this case, a consumer business is defined as a B2B or a B2C company operating in either the Automotive sector, the Consumer Products sector, the Retail, Wholesale & Distribution sector or the Transportation, Hospitality & Services sector. The quantitative interviews were conducted by Epinion in the period from May to July 2020 on behalf of Deloitte. Deloitte has concurrently conducted qualitative interviews with CIOs, CISOs and Information Security Managers of Danish consumer businesses.


These interviews have since been anonymised and will appear as quotes throughout the report.

The survey questions were formulated by Deloitte Denmark’s Cyber Risk unit, which also conducted the qualitative interviews. The telephonic survey, as well as the qualitative interviews, were originally conducted in Danish and have since been translated into English. The overall purpose of the survey is to examine Danish consumer businesses’ cyber resiliency, maturity and risk level in the current cyber landscape.

Contact us

Serdar Cabuk

Partner