Cyber and privacy leaders' agenda
Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.
It is harder than ever to stay one step ahead of cybersecurity threats. New, more sophisticated adversaries — some operating autonomously and learning from generative AI models - are thriving in a landscape with multiple attack surfaces opened by hybrid and distributed work, cloud computing at scale, and the digitalization of everything. The stakes are high for CISOs.
“Secure Creators” are redefining cybersecurity in their industries. This cohort of organizations was identified in the 2023 EY Global Cybersecurity Leadership Insights survey, which polled 500 global c-suite experts to assess their current cyber performance, their readiness for emerging and future threats, and their chief challenges. Secure Creators have fewer cyber incidents, were quicker to respond, and provided 1.5 to 2 times more positive impact on their organization in terms of value creation, innovation and responsiveness to market opportunities when compared to their lower-performing counterparts.
They accomplished this not by simply deploying the right technology, innovating effectively, communicating across their organizations and minimizing attack surfaces, but by executing each of those practices better than their peers.
Here are four actions CISOs can take to better prepare for today and tomorrow:
-
Reduce technology complexity
Emerging technology presents opportunities and challenges for cybersecurity leaders. Most organizations have an average of 44 security products that are often poorly integrated, difficult to maintain and support, and offer no overall visibility.
Secure Creators embrace technology but with an eye for simplicity. They are quick to experiment with novel solutions, with 72% saying they are early adopters of new technology versus 55% of “Prone Enterprises,” the weaker group in the survey. But they are also more likely to use security orchestration, automation and response, and are late-stage adopters of robotic process automation. This indicates an eye on innovations that cohere into an orchestrated, pan-organizational defense.
Why organizations should prepare for quantum computing cybersecurity now
Quantum technology is finding its way out of research labs and into commercial applications, upending the norms of cryptography.
14 Apr 2023
How emerging technologies can usher in the dawn of pervasive intelligence
“Pervasive intelligence” will emerge through a massively distributed digital connectivity and cloud fabric, transforming our economy.
8 Aug 2023
-
Reduce the attack surface
As organizations pursue digital transformation, they are coming to terms with increased cyber vulnerability. Cloud applications, 5G networks and the rise of remote and hybrid work arrangements, alongside infrastructures like VPNs, increase entry points for hackers. Software and physical supply chains increase risk, especially when the security of third-party partners isn’t guaranteed.
Secure Creators are more likely to be paying attention to supply chain risks than Prone Enterprises (39% vs. 20%). CISOs should be involved in vendor selection decisions and should help set partner relationships to bring higher levels of assurance to supply chains and to ensure there is a cyber lens to supply decisions.
The CIO Imperative: How emerging tech can accelerate a path to sustainability
Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals.
15 Feb 2023
Quantum computing: 5 steps to take now
Quantum computing promises to transform the world. Organizations are moving now to harness quantum and assess its opportunities and risks.
21 Nov 2022
How banks can maximize long-term value by minimizing third-party risk
Working with third parties is necessary but brings risk. EY helped a bank develop a centralized approach to their third-party risk management.
8 Jul 2021
-
Align everyone behind cybersecurity
CISOs don’t have to advocate for budget as much as they used to. According to the survey, budget, once a top internal challenge, was only ranked sixth out of eight in a list of obstacles. With resources in hand, CISO communications have evolved to focus on cyber readiness and training.
Secure Creators speak the language of the C-suite and boards in conveying the realities of the current moment and the continuous resource demands of the function. They also do a better job organizing training and designing best practices. While only half of respondents say their cyber training is effective, and only 36% are satisfied with non-IT adoption of best practices, this gap closes among Secure Creators, who are more satisfied with best practice adoption. Upskilling current cybersecurity workforces is by far the most popular tactic to prepare for future cybersecurity threats, cited nearly three times more than the next most popular tactic in the survey.
Why cybersecurity should be required reading for higher education
Following a full cybersecurity assessment, a university lands on a solution that can identify, triage and manage data risks.
7 Jul 2022
Does cyber risk only become a priority once you’ve been attacked?
Cyber threats are evolving and escalating at an especially alarming rate for asset-intensive industries such as mining and metals (M&M).
8 Mar 2022
Why a superstore reinforced its cyber walls to protect its customers
Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.
2 Nov 2022
-
Unleash value
Cyber-secure organizations can innovate to create value with fewer risks than their less-secure peers – Prone Enterprises. Organizations without Secure Creators may be hesitant to invest in unproven technologies that have the potential to be huge value drivers for early adopters.
Secure Creators are value creators, not just value defenders. Cybersecurity leaders in these organizations are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation (59% vs. 16% of CISOs from Prone Enterprises), ability to rapidly respond to market opportunities (58% vs. 28%) and ability to focus on creating value rather than protecting value (57% vs. 39%).
The CIO Imperative: How emerging tech can accelerate a path to sustainability
Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals.
15 Feb 2023
How strong data management becomes a real game-changer
For one video game company, a data-driven culture meant gigs of innovation.
12 Apr 2023
Creating a cybersecurity strategy that drives purposeful growth
EY helped Henkel create a cybersecurity strategy that is aligned with its corporate strategy and the objectives of its digital unit.
5 Nov 2021
Cybersecurity leaders are looking to improve capabilities in the following areas:
Case study: creating a smarter, safer grid for new meters
EY teams are helping a national electricity company reinforce its legacy power infrastructure for a trusted, cyber-safe future.
How technology fights FinCrime while enhancing regulatory compliance
EY enabled a large global bank to lead the fight against FinCrime in a way that also helped it improve efficiency and increase compliance.
Transformation Realized™
Consulting at EY is building a better working world by realizing business transformation through the power of people, technology and innovation.
Our latest thinking
The team
Contact us
Like what you’ve seen? Get in touch to learn more.
