Deloitte Global survey finds increase in cyberattacks driven by organisations’ digital transformations

• 72% of survey respondents indicated their organisations experienced between one and ten cyber incidents and breaches in the last year alone
• Despite risks, an overwhelming majority of CFO respondents will continue to move their business’s financial systems or Enterprise Resource Planning (ERP) to the cloud
• Almost 75% of respondents who had more than US$30 billion in revenue said they will spend more than US$100 million on cybersecurity this year
  
  

27 October 2021 – Deloitte Global’s 2021 Future of Cyber Survey reveals that amid the acceleration of digital transformation, 69% of global leaders surveyed noted a significant increase in cyberattacks at their companies this year.

However, despite the elevated risk environment, leaders plan to continue to invest heavily in digital transformation—with 94% of chief financial officer (CFO) respondents looking to move their financial systems or Enterprise Resource Planning (ERP) to the cloud.

The survey also revealed that while there is no simple solution, there are a number of measures, which, when taken together, can enable organisations to embed cyber in every aspect of their business.

The responses from nearly 600 global C-level executives who have visibility into the cybersecurity functions of their organisations were analysed, with the hope of increasing communication around embedding cyber into the core of every business, while providing insights on how organisations can increase visibility into complex technological ecosystems and implement best practices to better prepare for an unpredictable cyber future.

“Over the last year, businesses have been working overtime to remain competitive amid rapid technological change as accelerated digital transformation has drastically increased organisations’ vulnerability to cyberattacks,” says Emily Mossburg, Deloitte Global Cyber Leader.

“As the complexities of integrated environments continue to grow, leaders must prioritise incorporating cyber into every part of their business or risk the consequences of inadequate cyber protections.”

Anu Nayar, Deloitte New Zealand Cyber Leader says “as we continue to accelerate our adoption of cloud as the way we compute and embrace digital and data as the way we serve our communities here in New Zealand and compete globally, we are facing increased volatility, unpredictability and disruption from cyber-attacks. Ransomware, DDoS and supply chain attacks have all proven how much they can affect our daily lives here in New Zealand and pose harm.”

Digital transformation has heightened the need for cyber strategies

With more than half of businesses experiencing an increase in threats to their organisations throughout 2020, risks have never been higher as the shift to remote and hybrid working becomes more common for businesses worldwide. Organisations are continuing to face challenges balancing investments in digital transformations to remain competitive while protecting their systems from potential breaches. A number of chief information officers (CIOs) and chief information security officers (CISOs) surveyed (41%) acknowledge that transformation and gaining visibility across increasingly complex hybrid ecosystems is the greatest challenge they face.

The wave of Zero Trust

In building a technology-forward, protected enterprise, Deloitte Global’s survey suggests the areas causing CIOs and CISOs the most significant challenge in managing cyber risk are transformation/hybrid IT (41%) and cyber hygiene (26%). As a result, companies are leveraging Zero Trust—a set of architectural guidelines that are based on the fundamental principle of “never trust, always verify”—to bridge the gap between business, IT and cyber domains reducing operational complexity and simplifying ecosystem integration. Businesses that leverage Zero Trust are leading the way in organisational change to better enable digital transformation by building security infrastructures to handle the speed of these transformations.

“While we all appear to be keen to move to a “Zero-Trust” approach, this will demand a more important shift for us from the default of Trust (that our technology will work without failure, that our service providers are infallible, and that the bad actors won’t target us) to Verifying Everything. This shift requires us to be more courageous as leaders, diversify the perspectives and voices we reflect on, and consider cyber resilience as central to our strategic journeys and operational delivery,” said Mr Nayar.

Investing in cyber means investing in the CISO

With hackers becoming savvier, organisations are more inclined to increase their cyber defence budgets. Among the survey respondents, almost 75% of leaders with more than US$30 billion in revenue reported they will spend more than US$100 million on cybersecurity protections this year.

The convergence of technological prowess and increased cyber risk are changing the roles of today’s CISOs. As technology integrates further into daily business initiatives, so should the CISO’s responsibilities. According to our survey, there has been an increase of CISOs reporting to CEOs, going from 32% in 2019 to 42% in 2021 in the United States, and reaching 33% globally. This alignment allows for greater transparency on business initiatives and enhanced engagement at most levels – most importantly with C-suite executives like CFOs and chief marketing officers (CMOs) whose relationships with the CISO are critical in mitigating risk and creating authentic, safe customer experiences.

Over the next three years, CIOs and CISOs will continue to prioritise cyber. Respondents ranked security capabilities (64%), enhancing privacy capabilities (59%), demonstrating compliance capabilities (50%), and improving business efficiency and intelligence (45%) as the drivers for their adoption of emerging technologies. Among respondents from organisations headquartered in Asia Pacific, enhancing privacy capabilities is the top driver of the adoption of emerging technologies (63%), followed by security capabilities (49%) and demonstrating compliance capabilities (49%).

“Bolstering our cyber situational intelligence, taking the time and care to consume cloud services with the appropriate guardrails deployed and monitored for effectiveness, and being proactive in understanding and managing our “extended enterprises” - are all critical to our success, resilience and wellbeing as a nation.

“Our customers and society expect ethical use of their data, resilient and safe services, and sound stewardship. Our success today and into the future depend on us grappling with and solving our cyber challenges at the executive and board tables, and not just leaving it to the technologists to resolve,” says Mr Nayar.

For more information and to view the full survey results visit: The Future of Cyber Survey 2021

ENDS

Methodology

The Deloitte 2021 Future of Cyber Survey, conducted by both Deloitte Global and Wakefield Research, polled nearly 600 C-level executives about cybersecurity at companies with at least US$500 million in annual revenue including nearly 200 CISOs, 100 CIOs, 100 CEOs, 100 CFOs, and 100 CMOs between 6 June – 24 August 2021, using an online survey.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organisation”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.

Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which are separate and independent legal entities, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.

Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands of private companies. Our professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Learn how Deloitte’s more than 345,000 people worldwide make an impact that matters at www.deloitte.com.

Deloitte New Zealand brings together more than 1600 specialist professionals providing audit, tax, technology and systems, strategy and performance improvement, risk management, corporate finance, business recovery, forensic and accounting services. Our people are based in Auckland, Hamilton, Rotorua, Wellington, Christchurch, Queenstown and Dunedin, serving clients that range from New Zealand’s largest companies and public sector organisations to smaller businesses with ambition to grow. For more information about Deloitte in New Zealand, look to our website www.deloitte.co.nz.

© 2021. For information, contact Deloitte Global.