Is your greatest risk the complexity of your strategy?
Find out more on the results of the EY 2023 Global & Swiss Cybersecurity Leadership Insights Study.
As the impacts — financial, regulatory and reputational — of cyberattacks mount, we wanted to understand how Swiss companies specifically are faring in the cybersecurity space and how they compare to global peers. We extended the EY 2023 Global Cybersecurity Leadership Insights Study to focus specifically on the Swiss market.
Companies around the world face evolving challenges in managing the cyber threats of today and tomorrow. Nevertheless, well over half (57%) of CISOs in Switzerland consider their organization to be well-positioned to address future threats; globally, 46% of CISOs said the same.
The global survey revealed “too many attack surfaces” as the biggest internal challenge to respondents’ cybersecurity approach, alongside the challenge of balancing security and speed. This rings true for Swiss companies as well. In terms of risk, Swiss companies share global concern around cloud at scale, with 39% flagging it as their primary concern. Artificial intelligence and machine learning also stand out as major security risks for Swiss companies, with 36% viewing these topics as a primary concern and 54% as a secondary one. It’s an interesting dilemma: emerging tech is driving the transformation of many organizes, yet it also creates new openings for cyber breaches. It also highlights the importance of aligning business and cybersecurity strategies at every level of the organization.
Satisfaction
71%of Swiss CISOs are satisfied with their overall cybersecurity approach.
More than three-quarters (76%) of companies worldwide take more than six months on average to detect cyber incidents – and face an average of 44 significant cyber incidents per year. Swiss-based companies have fewer annual incidents – just 14 on average – and also respond to those that do occur more quickly (under five months on average). This comparatively strong performance may explain why Swiss CISOs are significantly more satisfied with their overall cybersecurity approach (71% compared to 42% globally). Despite their comparative responsiveness, half of Swiss study participants raise the alarm about the ability of their cybersecurity defenses to meet evolving cyber threats quickly enough. This perhaps reflects as much on the pace of change in general as it does on Swiss companies’ ability to respond.
People and culture
The Swiss survey results highlight the role of people in what is at first glance a tech-driven topic. Security leaders widely acknowledge the potential for human error as a major weakness. This is why companies should invest in a strong security culture through training and awareness campaigns – and it’s also why malevolent forces so often target the human interface.
As in the global survey, six in 10 Swiss cyber leaders polled reported a lack of adherence to cybersecurity best practices among the non-IT workforce as one of the biggest internal challenges (ranking at number 4 out of 8). This mirrors the results of the global survey. Besides, only six in 10 Swiss-based companies are satisfied with the effectiveness of their cybersecurity training programs, only slightly more than the global average (50%). These findings point again to the need for better collaboration between IT and other business functions.
Staying on the people theme, companies are experiencing significant workforce gaps as the supply of qualified staff fails to keep up with demand. Against this backdrop, CISOs are looking beyond their current organizational chart to fill their growing cybersecurity talent needs. Globally, many firms see outsourcing as a key solution to the lack of skills and resources. Switzerland’s CISOs prefer to upskill the current cyber workforce and automate security processes to gain efficiency in security management. They are also investing in the retention and recruitment of cyber security employees. These measures are at the core of their talent strategy, with 71% saying these are significant or top priorities to prepare for future threats. This commitment to sustainable solutions rather than short-term fixes shows that Swiss companies are keen to lay a solid foundation to meet ongoing and evolving cyber needs.
Technology alone cannot solve cybersecurity issues.
This human-centric approach also goes hand in hand with the idea that technology alone cannot solve cybersecurity issues – a consensus among the Swiss CISOs. Besides, the majority agree that cybersecurity incidents will impact physical assets in the real world more in the next few years (89% agreed). Most (86%) agreed that the war on cybersecurity can’t be won. Instead, companies can only learn to adapt faster than malicious actors.
Cybersecurity the Swiss way
Switzerland is known for a certain degree of caution and a preference for the “middle way” in many situations. We see this to some extent in the Swiss participants’ responses to our study, which once again highlights the role of culture in the cybersecurity space.
Wait and see
43%of Swiss companies consider themselves early adopters of emerging technology.
Only 43% of Swiss enterprises consider themselves early adopters of emerging technology compared to the global average (65%). Although they’re willing to embrace advanced technology – such as AI or ML, SOAR, DevSecOps, and cloud orchestration and automation – they tend to wait until technology has been tried and tested elsewhere before adopting it themselves. They also tend to focus on technology that supports automation, simplification and streamlining of processes.
By embedding cybersecurity throughout the organization and embracing simplification, Swiss CISOs support positive behaviors that both protect and create value for their organization. Beyond the pure tech aspect, many also adopt specific strategies for managing complex attack surfaces across cloud, on-premise and third parties.
From defenders to creators of value
We believe that cybersecurity plays an important role in value creation, be that through greater trust from customers and suppliers or confidence to harness the benefits of ecosystems and partnerships without incurring risks. It means CISOs are creators, not just defenders, of value. Their approach to cybersecurity positively impacts their organizations’ ability to transform at pace, respond to market opportunities and focus on creating value.
Key action points emerging from the global and Swiss surveys include:
Summary
Cybersecurity leaders around the world are grappling with present and anticipated cybersecurity threats. While Swiss companies appear to perform above average across various criteria, they still face ongoing challenges. To balance security and speed, Swiss CISOs should focus on simplicity, holistic thinking and organization-wide integration of cybersecurity considerations.
Acknowledgment
Many thanks to Marc Wettering for his valuable contribution to this article.
