EY refers to the global organisation, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Why cyber is the litmus test for trust in government
As governments digitise and automate services, citizens don’t want to be told to ‘trust us’. They want to experience trustworthiness in every interaction – and that means a bigger role for cyber.
Across all three tiers, governments face a consistent challenge: do more with less. Agencies are digitising, meeting growing demand and modernising services, all while operating within tight budgets and skills constraints.
It makes sense that governments are turning to automation and artificial intelligence. Eligibility checks, digital health [DR1] services and citizen chatbots are already reshaping service delivery.
But the 2025 EY AI Sentiment Index found governments – the very institutions expected to set the standard for responsible AI – are among the least trusted to make decisions about AI in the public interest.
From cost of protection to value creation
Against this backdrop, the role of the chief information security officer (CISO) has evolved from a narrow focus on compliance to a pivotal player in enterprise-wide initiatives, including AI implementation.
But CISOs face an uphill battle. The 2025 EY Global Cybersecurity Leadership Insights Study shows just 10% of government CISOs are consulted early in strategic decisions, while 68% say it is difficult to articulate cyber’s value beyond risk protection.
The EY study also found cybersecurity can be a value multiplier. In fact, value-creation spend generates 6.6 times greater returns than security investment alone.
Secure Creators show the way
A cohort of cyber leaders – we’ve dubbed them ‘Secure Creators’ – are already proving what’s possible. Compared with their peers, they are more likely to:
- Improve the citizen experience (62% vs. 25%).
- Enhance external reputation (81% vs. 75%).
- Accelerate transformation (92% vs. 79%).
What sets Secure Creators apart?
First, they step out of a purely technical role to become strategic enablers. They align cyber with their agency’s goals, building sector knowledge and strategic acumen to strengthen their influence.
Second, they reframe cybersecurity from cost centre to value multiplier. They are able to quantify cyber’s contribution to their agency’s mission. In practice, this might be safer digital health platforms or faster complaint resolution through secure channels. But ultimately, they provide evidence that cyber isn’t the blocker in the basement, but a core enabler of trust and transformation.
Finally, Secure Creators lean into AI. The EY study found 44% of government cybersecurity functions are meaningfully involved in AI adoption today. Closing this gap is a golden opportunity for CISOs to strengthen trust, and to secure a seat at the table for broader transformation.
Building the foundation of trust
Trust is not an abstract principle. It is earned or lost through the security and reliability of the services people use every day. In a sector that underpins democracy, safety and public confidence, cyber-backed trust is the enabler of modernised services, and a driver of value creation.
This is part of a five-article series, Cyber at the speed of machines. Earlier articles from my colleagues Richard Bergman, Meaghan Stackpole and Clement Soh explored the global findings, consumer, and energy and resources perspectives. The final instalment, with Louise C. Theunissen, will focus on New Zealand.
The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.