Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

Join the conversation

It is harder than ever to stay one step ahead of cybersecurity threats. New, more sophisticated adversaries — some operating autonomously and learning from generative AI models - are thriving in a landscape with multiple attack surfaces opened by hybrid and distributed work, cloud computing at scale, and the digitalization of everything. The stakes are high for CISOs.

"Secure Creators” are redefining cybersecurity in their industries. Secure Creators have fewer cyber incidents, were quicker to respond, and provided 1.5 to 2 times more positive impact on their organization in terms of value creation, innovation and responsiveness to market opportunities when compared to their lower-performing counterparts.

They accomplished this not by simply deploying the right technology, innovating effectively, communicating across their organizations and minimizing attack surfaces, but by executing each of those practices better than their peers.

Here are four actions CISOs can take to better prepare for today and tomorrow:

Emerging technology presents opportunities and challenges for cybersecurity leaders. Most organizations have an average of 44 security products that are often poorly integrated, difficult to maintain and support, and offer no overall visibility.

Secure Creators embrace technology but with an eye for simplicity. They are quick to experiment with novel solutions, with 72% saying they are early adopters of new technology versus 55% of “Prone Enterprises,” the weaker group in the survey. But they are also more likely to use security orchestration, automation and response, and are late-stage adopters of robotic process automation. This indicates an eye on innovations that cohere into an orchestrated, pan-organizational defense.

How emerging technologies can usher in the dawn of pervasive intelligence

“Pervasive intelligence” will emerge through a massively distributed, digital connectivity and cloud fabric that will transform our economy. Find out more.

Fuad Siddiqui

Why organizations should prepare for quantum computing cybersecurity now

This technology is finding its way out of research labs and into commercial applications, upending the norms of cryptography. Learn how to be ready.

Kristin Gilkes

Top 10 opportunities for technology companies in 2023

In a volatile business environment, will the bold be rewarded? Now is the time to invest and test the waters with new business models. Read more.

Ken Englund + 3
As organizations pursue digital transformation, they are coming to terms with increased cyber vulnerability. Cloud applications, 5G networks and the rise of remote and hybrid work arrangements, alongside infrastructures like VPNs, increase entry points for hackers. Software and physical supply chains increase risk, especially when the security of third-party partners isn’t guaranteed.

Secure Creators are more likely to be paying attention to supply chain risks than Prone Enterprises (39% vs. 20%). CISOs should be involved in vendor selection decisions and should help set partner relationships to bring higher levels of assurance to supply chains and to ensure there is a cyber lens to supply decisions.

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals. Learn more.

Tom Loozen + 1

Quantum computing 5 steps to take now

Quantum computing promises to transform the world. Organizations are moving now to harness quantum and assess its opportunities and risks. Learn more.

Beatriz Sanz Sáiz + 2

How banks can maximize long-term value by minimizing third-party risk

Working with third parties is necessary but can be risky. EY helped a client understand these risks and transform their risk management model. Learn more.

Andrea Romani + 2
CISOs don’t have to advocate for budget as much as they used to. According to the survey, budget, once a top internal challenge, was only ranked sixth out of eight in a list of obstacles. With resources in hand, CISO communications have evolved to focus on cyber readiness and training.

Secure Creators speak the language of the C-suite and boards in conveying the realities of the current moment and the continuous resource demands of the function. They also do a better job organizing training and designing best practices. While only half of respondents say their cyber training is effective, and only 36% are satisfied with non-IT adoption of best practices, this gap closes among Secure Creators, who are more satisfied with best practice adoption. Upskilling current cybersecurity workforces is by far the most popular tactic to prepare for future cybersecurity threats, cited nearly three times more than the next most popular tactic in the survey.
Why a superstore reinforced its cyber walls to protect its customers

Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.

+ 1

Why cybersecurity should be required reading for higher education

Following a full cybersecurity assessment, a university lands on a solution that can identify, triage and manage data risks.

Rob Belk

Does cyber risk only become a priority once you’ve been attacked?

Cyber threats are evolving and escalating at an especially alarming rate for asset-intensive industries such as mining and metals (M&M).

Paul Mitchell
Cyber-secure organizations can innovate to create value with fewer risks than their less-secure peers – Prone Enterprises. Organizations without Secure Creators may be hesitant to invest in unproven technologies that have the potential to be huge value drivers for early adopters.

Secure Creators are value creators, not just value defenders. Cybersecurity leaders in these organizations are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation (59% vs. 16% of CISOs from Prone Enterprises), ability to rapidly respond to market opportunities (58% vs. 28%) and ability to focus on creating value rather than protecting value (57% vs. 39%).
How strong data management becomes a real game-changer

For one video game company, a data-driven culture meant gigs of innovation. Learn more.

Faisal Alam + 2

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals. Learn more.

Tom Loozen + 1

Creating a cybersecurity strategy that drives purposeful growth

With EY assistance, Henkel created a cybersecurity strategy that is closely aligned with its corporate strategy and dx objectives. Learn more.

Oina Kerchner + 1

Cybersecurity leaders are looking to improve capabilities in the following areas:

AI is both friend and foe to CISOs. To tip the balance toward friendship, cybersecurity leaders are investing in AI- and machine learning-enabled tools to improve vulnerability testing, detect threats more quickly and build more adaptive security systems.

Generative AI models like generative adversarial networks (GANs) can create synthetic data that mimic real-word cyberattacks, making attack testing and response easier. In the real-world, generative AI-enabled threat detection tools are able to analyze large amounts of data in real time, allowing them to quickly detect anomalies and patterns that may indicate a cyberattack. If a threat is realized as a cyberattack, organizations can employ quickly-adaptive response systems that have been informed by huge datasets of historical breaches.
No matter the complexity, passwords by themselves are not as secure as they used to be. Organizations are using passwordless authentication to eliminate the risks associated with traditional password-based authentication methods.

Passwordless authentication replaces passwords with more secure methods, such as biometric authentication, hardware-based authentication or one-time passcodes sent via email or text message. This reduces the risk of phishing attacks, credential stuffing and password-related vulnerabilities.
A growing tech stack brings an expanded attack surface. Cybersecurity leaders are building zero trust architectures to deal with the near constant threat posed by attackers.

Zero trust architectures use a mix of technology and protocols to identify and grant access to users within and outside an organization’s network. By default, users are not trusted and are given the least amount of privilege possible within a network. Networks are segmented to prevent widespread access if one wall is breached and barriers like multifactor authentication (MFA) are deployed to make unauthorized access more difficult.

Organizations must adopt technology, but doing so doesn’t mean they have to be less secure.
Rapid technology development can create security gaps. DevSecOps (development, security and operations) can close these gaps by building cybersecurity into the development lifecycle, from design to production.

DevSecOps encourages collaboration and communication between developers, security professionals, and operations teams, allowing for a more holistic approach to cybersecurity. Building these practices into technology governance enables rapid deployment of security updates and patches, ensuring that systems are always up to date and protected against the latest threats.

Cybersecurity Transformation

Discover how EY's Cybersecurity Transformation solution can help your organization design, deliver, and maintain cybersecurity programs.
Read more
Cyber risk, compliance and resilience services

Discover how EY's cybersecurity, strategy, risk, compliance & resilience teams can help your organization with its current cyber risk posture and capabilities.
Read more
Cyber threat management, detection and response

Discover how EY's Next generation security operations & response team can help your organization manage leading-class security operations in a programmatic way.
Read more
Cyber architecture, operational technology and engineering services

Discover how EY's services & offerings can help your business across multiple aspects of its cybersecurity portfolio.
Read more
Data protection and privacy services

Discover how EY's data protection and privacy team can help your organization protect its information over the full data lifecycle.
Read more
Digital identity and privileged access management services

Discover how EY's identify and access management (IAM) team can help your organization manage digital identities for people, systems, services and users.
Read more
Cybersecurity Managed Services

EY Cybersecurity Managed Services offer seamless, strategic security that gives you the confidence to focus on innovation and growth. Find out more.
Read more

Our latest thinking

On the agenda (4)

Skip

west

Technology

Featured: How can AI help us accelerate the pace of change the world needs

Discover

Cybersecurity

Discover

Transformation Realized

Featured: How can the moments that threaten your transformation define its success?

Discover

Risk leaders’ agenda

Featured: What if the difference between adversity and advantage is a resilient board?

Discover

east

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Cyber and privacy leaders' agenda

Join the conversation

How can cybersecurity transform to accelerate value from AI?

Cybersecurity leaders are looking to improve capabilities in the following areas:

Our latest thinking

Richard Watson

Alam Hussain

Kevin Janes

Kanika Seth

Angela Saverice-Rohan

Tom Schmidt

Andy Deprez

Elizabeth Mann

Burgess Cooper

Jatin Sehgal

Michelle Unger

Matthias Bandemer

Piotr Ciepiela

Matt Hynes

Rob Belk

Shawn Fohs

Ayan Roy

Matt Chambers

Steve Ingram

John Hauser

Naoto Morishima

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Cyber and privacy leaders' agenda

Join the conversation

How can cybersecurity transform to accelerate value from AI?

Reduce technology complexity

Reduce the attack surface

Align everyone behind cybersecurity

Unleash value

Cybersecurity leaders are looking to improve capabilities in the following areas:

Generative AI and machine learning

Passwordless authentication

Zero trust

DevSecOps

Our latest thinking

Richard Watson

Alam Hussain

Kevin Janes

Kanika Seth

Angela Saverice-Rohan

Tom Schmidt

Andy Deprez

Elizabeth Mann

Burgess Cooper

Jatin Sehgal

Michelle Unger

Matthias Bandemer

Piotr Ciepiela

Matt Hynes

Rob Belk

Shawn Fohs

Ayan Roy

Matt Chambers

Steve Ingram

John Hauser

Naoto Morishima