2020

Cyber Survey

Next normal – more digital

In our 2020 Cyber Survey, we investigate the dynamic between the light and dark side of the Danish cyberspace – as observed and experienced by our participating companies across four sectors. Read the full report in the sections below.

Editorial

The fourth industrial revolution – accelerated by the COVID-19 pandemic – has resulted in a more digitally connected world. Whilst this has allowed companies and people to connect irrespective of space and time – fostering a feeling of a somewhat smaller world – it has also attracted organised criminals to create their own sub-culture in the cyberspace.

The 2020 edition of our annual cyber survey investigates this interesting dynamic between the light and the dark side of the Danish cyberspace – as observed and experienced by our participating companies across four sectors: the financial sector, the consumer goods sector, the public sector, and the energy, resources and industrials sector.

Our survey shows several security trends in the cyberspace that are common to all four sectors. For example, the majority of the organisations have experienced a considerable increase in the cybersecurity threats in the past two to five years. Against this backdrop, the demand for cybersecurity skills has skyrocketed with increased competition for proficient talents. We also observed that most organisations now report that cybersecurity has become a topic for the C-level executives and the Board, although it still does not feature regularly on the agenda to make a difference.

There are also marked differences as to how organisations perceive cybersecurity in different sectors. For example, public sector and energy, resources and industrials sector organisations find it a bit easier to retain and develop cybersecurity talent, perhaps offering them a bigger purpose in their roles.

We have also seen financial sector organisations paint a more pessimistic picture of their cybersecurity capabilities than others. This is contrary to the general perception of higher maturity of cybersecurity in the financial sector. Yet this may be due to the financial sector organisations having a more informed and realistic understanding of cybersecurity, having fought cybercrime for years. Lastly, supplier security continues to be the Achilles heel of the Danish organisations. Yet consumer businesses seem to be having the most issues with increasingly global and complex supply chains.

Our survey offers several key takeaways for Danish companies. Despite increased recognition and awareness, we still find baseline security capabilities lacking for the majority of organisations. Implementing basic security hygiene, training your people in threats and protection, detecting threats early and responding to them effectively with regular testing goes a long way in raising your defences against cyberattacks. Just like in a pandemic.

Our overall conclusion this year is that cybersecurity has finally found its space in the right circles and caught the eye of our most senior executives. The jury is out on whether this attention and perceived improvement will result in the continued evolution of the cybersecurity thinking and capability in the Danish organisations, and result in true action.

We are cautiously optimistic. As the world enters a new era with unprecedented focus on infection, disruption and resiliency, we believe cybersecurity is here to stay to play a key role in a more sustainable and resilient business world.

We hope you enjoy reading our survey with key insights from your peers. Please do not hesitate to contact us if you would like further information.

Methodology

Deloitte’s 2020 Cyber Survey is based on a total of 298 quantitative computer assisted telephone interviews (“CATI”) with Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), cybersecurity managers and other cybersecurity responsibles employed with organisations across the public sector, the financial sector, the consumer goods sector, and the energy, resources and industrials sector in Denmark. The numbers presented throughout this report are primarily averages of the results from across the various sectors.

The four sectors are defined as follows:

The public sector (PS) encompasses state-owned or state-affiliated businesses and organisations operating within the health and social care sector, the defence, the security and justice sector, the civil government sector, the international donor organisations sector and the transport sector. 80 of the 298 CATI interviews were conducted in the public sector. In the report, the public sector will be referred to as PS.

The financial sector (FS) encompasses businesses operating within the banking and capital markets sector, the insurance sector and the investment management sector. 68 of the 298 CATI interviews were conducted in the financial sector. In the report, the financial sector will be referred to as FS.

The consumer goods sector (CGS) encompasses B2B or B2C companies operating in the automotive sector, the consumer products sector, the retail, wholesale and distribution sector, or the transportation, hospitality and services sector. 74 of the 298 CATI interviews were conducted in the consumer goods sector. In the report, the consumer goods sector will be referred to as CGS.

The energy, resources and industrials sector (ERS) encompasses companies operating in the power and utilities sector, the mining and metals sector, the oil, gas and chemicals sector, or the industrial products and construction sector. 76 of the 298 CATI interviews were conducted in the energy, resources and industrials sector. In the report, the energy, resources and industrials sector will be referred to as ERS.

The telephone interviews were conducted by Epinion from January to August 2020 on behalf of Deloitte. The interviews in the different sectors were conducted independently; as a result, there are slight differences in the questions posed to the different sectors. Deloitte has concurrently conducted qualitative interviews with CIOs, CISOs, cybersecurity managers and other cybersecurity responsibles of Danish organisations across the four sectors. These interviews have since been anonymised and will appear as quotes throughout the report.

The survey questions were formulated by Deloitte Denmark’s Cyber Risk team, which also conducted the qualitative interviews. The telephone survey, as well as the qualitative interviews, were originally conducted in Danish and have since been translated into English. The overall purpose of the survey is to examine Danish businesses’ cyber resiliency, maturity and risk levels in the current cyber threat landscape.

Contact us

Serdar Cabuk

Partner