Deloitte Global’s Future of Cyber survey shows how organisations around the world are adapting to a shifting threat landscape by amplifying the CISO role and integrating cyber with tech-driven transformation

SINGAPORE, 22 November 2024 - Deloitte Global released the fourth edition of the Global Future of Cyber survey, which found that cybersecurity is increasingly becoming a cornerstone of many organisations’ growth strategies and business plans amidst today’s advanced and complex threat landscape. The findings from Deloitte Global’s largest cyber-related survey to date show how decision-makers are shifting their responses to cyber threats. Among other strategies, businesses are increasing the responsibility and strategic influence assigned to chief information security officers (CISOs), promoting further involvement from the board on cybersecurity-related matters, and turning to measures like artificial intelligence (AI).

In recent years, the ever-evolving tech environment has led Deloitte to identify organisations based on their level of cyber maturity in the survey findings. Key indicators of a high-performing, cyber-mature organisation include increased efforts of cyber planning, implementation of key cybersecurity activities, cyber engagement at the board level, and deployment of AI within their cyber programmes.

This year’s survey reinforces the urgency of securing cyber systems, as 25% of respondents from cyber-mature businesses reported 11 or more cybersecurity incidents in the past year, a 7% increase of incidents since the 2023 survey. Stemming from the climbing number of cyberattacks, the report underlines the growing responsibilities CISOs are having as important allies to their CEOs and boards, particularly as their influence expands across an increasingly tech-savvy C-suite.

"The rise of AI and other evolving technologies has significantly transformed the threat landscape. As threats become more sophisticated and impactful to core business, CISOs are increasingly required to adopt a more strategic role driving cross business risk prioritisation and mitigation,” says Emily MOSSBURG, Deloitte Global Cyber Leader. “The close relationship between CISOs and CEOs is a testament to the role security plays in a business’s long-term success. Today, CISOs are not only protectors against outside threats, but key players helping their organisation find success by integrating cyber considerations in the strategic decision-making process.”

Singapore respondents get strategic about cybersecurity, while keeping an eye on AI

Amongst Singapore respondents, the survey has revealed a recognition of cybersecurity as a business-critical issue that calls for integration across all functions and levels of the organisation. More than two-thirds or 68% of Singapore respondents – significantly above the global average of 58% – expect cybersecurity spend to become integrated with the budgets for initiatives such as digital transformation, IT programmes, and cloud investments. Several other key findings also suggest an increasingly integrated cyber function across business and technology.

• More than one-third of Singapore respondents report a significant increase in CISO involvement during strategic conversations about tech-related capabilities in the past year, particularly around cloud, quantum computing, and data analytics.
• Over the last decade, CISOs have traditionally reported to the chief information officer (CIO); however, they are increasingly gaining the ear and trust of CEOs, as 19% of Singapore respondents revealed their CISOs now report directly to the CEO.
• Cyber is playing a large role in securing an organisation’s investment in tech capabilities, particularly when it comes to priority areas such as customer identity and access management (CIAM) (61%), cloud (58%), and data analytics (46%).

“The march toward cybersecurity budget integration tracks closely with the emerging reality that cybersecurity is a driver of business ambitions. Consequently, we have observed that organisations are not only changing the way they enhance and secure their technological capabilities, but also the way they create new offerings. For instance, 91% of Singapore respondents – significantly higher than the global average of 83% – indicated that they are embedding privacy concerns into the early stages of product development to better safeguard customer data and foster greater digital trust. This suggests that DevSecOps processes are reaching a new era of maturity, with an increasing number of cybersecurity leaders successfully embedded into product design and development teams,” comments THIO Tse Gan, Deloitte Southeast Asia Cyber Leader.

While the future of AI is evolving, so too is the future of cyber. Given the importance of AI today, it was included in the index for cyber maturity for this edition of the survey. Amongst Singapore respondents, the findings point towards several key areas that are coming into focus:

• On average, 43% of Singapore respondents are using AI in capabilities in their cybersecurity programs to a large extent.
• Top three AI capabilities used to a large extent in cybersecurity programs amongst Singapore respondents include generating advanced cybersecurity simulations (51%), enabling faster response time to potential security threats (49%), and enabling automated security responses (49%).
• Top Gen AI-related risks that Singapore respondents expect to impact their cybersecurity strategy to a large extent include data poisoning (51%), gaps in current DevSecOps processes (51%), and explainability in Gen AI outputs (44%).

“Organisations today are confronted with a tidal wave of artificially generated content that is now targeting and exploiting vulnerabilities by impersonating trusted sources. But this does not mean that they are powerless in the face of these threats. In fact, leading organisations are taking proactive steps to make sure they do not become victims by leveraging novel AI solutions to ease the cybersecurity burden, and updating their cybersecurity strategies to keep pace with continuous technology innovation,” adds Tse Gan.

For more information, please visit www.deloitte.com/global-future-of-cyber.

Methodology

Deloitte Global designed its fourth edition of the Global Future of Cyber Survey based on the complexity of today's business and technology landscape, focusing on the needs of enterprise leaders who may recognise the importance of cyber yet struggle to harness its value. Deloitte Global based its report on a survey of nearly 1,200 cyber decision-makers at the director level or higher (C-suite executives and C-suite direct reports), across 43 countries and 6 industries limited to organisations with at least 1,000 employees and US$500 million in annual revenue.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organisation”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.

Deloitte Asia Pacific Limited is a company limited by guarantee and a member firm of DTTL. Members of Deloitte Asia Pacific Limited and their related entities, each of which are separate and independent legal entities, provide services from more than 100 cities across the region, including Auckland, Bangkok, Beijing, Hanoi, Hong Kong, Jakarta, Kuala Lumpur, Manila, Melbourne, Osaka, Seoul, Shanghai, Singapore, Sydney, Taipei and Tokyo.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms or their related entities (collectively, the “Deloitte organisation”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.

No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.

© 2024 Deloitte Southeast Asia Ltd.