Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

Join the conversation

Featured Thinking

It is harder than ever to stay one step ahead of cybersecurity threats. New, more sophisticated adversaries — some operating autonomously and learning from generative AI models - are thriving in a landscape with multiple attack surfaces opened by hybrid and distributed work, cloud computing at scale, and the digitalization of everything. The stakes are high for CISOs.

“Secure Creators” are redefining cybersecurity in their industries. This cohort of organizations was identified in the 2023 EY Global Cybersecurity Leadership Insights survey, which polled 500 global c-suite experts to assess their current cyber performance, their readiness for emerging and future threats, and their chief challenges. Secure Creators have fewer cyber incidents, were quicker to respond, and provided 1.5 to 2 times more positive impact on their organization in terms of value creation, innovation and responsiveness to market opportunities when compared to their lower-performing counterparts.

They accomplished this not by simply deploying the right technology, innovating effectively, communicating across their organizations and minimizing attack surfaces, but by executing each of those practices better than their peers.

Here are four actions CISOs can take to better prepare for today and tomorrow:

Emerging technology presents opportunities and challenges for cybersecurity leaders. Most organizations have an average of 44 security products that are often poorly integrated, difficult to maintain and support, and offer no overall visibility.

Secure Creators embrace technology but with an eye for simplicity. They are quick to experiment with novel solutions, with 72% saying they are early adopters of new technology versus 55% of “Prone Enterprises,” the weaker group in the survey. But they are also more likely to use security orchestration, automation and response, and are late-stage adopters of robotic process automation. This indicates an eye on innovations that cohere into an orchestrated, pan-organizational defense.

How emerging technologies can usher in the dawn of pervasive intelligence

“Pervasive intelligence” will emerge through a massively distributed, digital connectivity and cloud fabric that will transform our economy. Find out more.

08 Aug 2023 Fuad Siddiqui

Why organizations should prepare for quantum computing cybersecurity now

This technology is finding its way out of research labs and into commercial applications, upending the norms of cryptography. Learn how to be ready.

14 Apr 2023 Jeff Wong + 1

Top 10 opportunities for technology companies in 2023

In a volatile business environment, will the bold be rewarded? Now is the time to invest and test the waters with new business models. Read more.

07 Dec 2022 Ken Englund + 3
As organizations pursue digital transformation, they are coming to terms with increased cyber vulnerability. Cloud applications, 5G networks and the rise of remote and hybrid work arrangements, alongside infrastructures like VPNs, increase entry points for hackers. Software and physical supply chains increase risk, especially when the security of third-party partners isn’t guaranteed.

Secure Creators are more likely to be paying attention to supply chain risks than Prone Enterprises (39% vs. 20%). CISOs should be involved in vendor selection decisions and should help set partner relationships to bring higher levels of assurance to supply chains and to ensure there is a cyber lens to supply decisions.

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals. Learn more.

15 Feb 2023 Tom Loozen + 1

Quantum computing 5 steps to take now

Quantum computing promises to transform the world. Organizations are moving now to harness quantum and assess its opportunities and risks. Learn more.

21 Nov 2022 Beatriz Sanz Sáiz + 2

How banks can maximize long-term value by minimizing third-party risk

Working with third parties is necessary but can be risky. EY helped a client understand these risks and transform their risk management model. Learn more.

08 Jul 2021 Andrea Romani + 2
CISOs don’t have to advocate for budget as much as they used to. According to the survey, budget, once a top internal challenge, was only ranked sixth out of eight in a list of obstacles. With resources in hand, CISO communications have evolved to focus on cyber readiness and training.

Secure Creators speak the language of the C-suite and boards in conveying the realities of the current moment and the continuous resource demands of the function. They also do a better job organizing training and designing best practices. While only half of respondents say their cyber training is effective, and only 36% are satisfied with non-IT adoption of best practices, this gap closes among Secure Creators, who are more satisfied with best practice adoption. Upskilling current cybersecurity workforces is by far the most popular tactic to prepare for future cybersecurity threats, cited nearly three times more than the next most popular tactic in the survey.
Why a superstore reinforced its cyber walls to protect its customers

Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.

02 Nov 2022 + 1

Why cybersecurity should be required reading for higher education

Following a full cybersecurity assessment, a university lands on a solution that can identify, triage and manage data risks.

07 Jul 2022 Rob Belk

Does cyber risk only become a priority once you’ve been attacked?

Cyber threats are evolving and escalating at an especially alarming rate for asset-intensive industries such as mining and metals (M&M).

08 Mar 2022 Paul Mitchell
Cyber-secure organizations can innovate to create value with fewer risks than their less-secure peers – Prone Enterprises. Organizations without Secure Creators may be hesitant to invest in unproven technologies that have the potential to be huge value drivers for early adopters.

Secure Creators are value creators, not just value defenders. Cybersecurity leaders in these organizations are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation (59% vs. 16% of CISOs from Prone Enterprises), ability to rapidly respond to market opportunities (58% vs. 28%) and ability to focus on creating value rather than protecting value (57% vs. 39%).
How strong data management becomes a real game-changer

For one video game company, a data-driven culture meant gigs of innovation. Learn more.

12 Apr 2023 Faisal Alam + 2

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals. Learn more.

15 Feb 2023 Tom Loozen + 1

Creating a cybersecurity strategy that drives purposeful growth

With EY assistance, Henkel created a cybersecurity strategy that is closely aligned with its corporate strategy and dx objectives. Learn more.

05 Nov 2021 Oina Kerchner + 1

Cybersecurity leaders are looking to improve capabilities in the following areas:

AI is both friend and foe to CISOs. To tip the balance toward friendship, cybersecurity leaders are investing in AI- and machine learning-enabled tools to improve vulnerability testing, detect threats more quickly and build more adaptive security systems.

Generative AI models like generative adversarial networks (GANs) can create synthetic data that mimic real-word cyberattacks, making attack testing and response easier. In the real-world, generative AI-enabled threat detection tools are able to analyze large amounts of data in real time, allowing them to quickly detect anomalies and patterns that may indicate a cyberattack. If a threat is realized as a cyberattack, organizations can employ quickly-adaptive response systems that have been informed by huge datasets of historical breaches.
No matter the complexity, passwords by themselves are not as secure as they used to be. Organizations are using passwordless authentication to eliminate the risks associated with traditional password-based authentication methods.

Passwordless authentication replaces passwords with more secure methods, such as biometric authentication, hardware-based authentication or one-time passcodes sent via email or text message. This reduces the risk of phishing attacks, credential stuffing and password-related vulnerabilities.
A growing tech stack brings an expanded attack surface. Cybersecurity leaders are building zero trust architectures to deal with the near constant threat posed by attackers.

Zero trust architectures use a mix of technology and protocols to identify and grant access to users within and outside an organization’s network. By default, users are not trusted and are given the least amount of privilege possible within a network. Networks are segmented to prevent widespread access if one wall is breached and barriers like multifactor authentication (MFA) are deployed to make unauthorized access more difficult.

Organizations must adopt technology, but doing so doesn’t mean they have to be less secure.
Rapid technology development can create security gaps. DevSecOps (development, security and operations) can close these gaps by building cybersecurity into the development lifecycle, from design to production.

DevSecOps encourages collaboration and communication between developers, security professionals, and operations teams, allowing for a more holistic approach to cybersecurity. Building these practices into technology governance enables rapid deployment of security updates and patches, ensuring that systems are always up to date and protected against the latest threats.

Cybersecurity Transformation

Discover how EY's Cybersecurity Transformation solution can help your organization design, deliver, and maintain cybersecurity programs.
Read more
Cybersecurity, strategy, risk, compliance and resilience

Discover how EY's cybersecurity, strategy, risk, compliance & resilience teams can help your organization with its current cyber risk posture and capabilities.
Read more
Next generation security operations and response

Discover how EY's Next generation security operations & response team can help your organization manage leading-class security operations in a programmatic way.
Read more
Cybersecurity Architecture, Engineering & Emerging Technologies

Discover how EY's services & offerings can help your business across multiple aspects of its cybersecurity portfolio.
Read more
Data protection and privacy

Discover how EY's data protection and privacy team can help your organization protect its information over the full data lifecycle.
Read more
Identity and access management

Discover how EY's identify and access management (IAM) team can help your organization manage digital identities for people, systems, services and users.
Read more

Our latest thinking

Richard Watson

EY Global and Asia-Pacific Cybersecurity Consulting Leader

Public speaker. Trusted advisor on cyber risk and digital trust. Golfer, traveler and dad.

Sydney, AUS

Alam Hussain

EY EMEIA Cybersecurity Leader

Transformation professional in cybersecurity. Passionate about identity and access management, and the development of talent within cybersecurity.

London, GBR

Kevin Janes

EY Americas Cybersecurity, Privacy and Trusted Technology Market Leader

Trusted technology professional. Transformation leader. Volunteer. Patron of the arts. Wine connoisseur.

Chicago, USA

Kanika Seth

EY EMEIA Financial Services Consulting Cybersecurity Leader

Passionate about diversity and inclusivity across EY. Lives in London. Enjoys watching cricket. Likes to travel the world with her husband and family.

London, GBR

Angela Saverice-Rohan

EY Americas Privacy Leader

Promotes cross-functional teamwork. Calm and steady in crisis. Wicked sense of humor. Mother of two.

Los Angeles, USA

Tom Schmidt

EY EMEIA Financial Services Cybersecurity Competency Leader; EY Switzerland Cybersecurity Leader, Financial Services

Focusing on all aspects of information security, cybersecurity, and IT risk management. Passionate about traveling the world and engaging in various sports.

Berne, CHE

Andy Deprez

EY Belgium Cybersecurity Leader; EY EMEIA Cybersecurity Competency Leader

Cybersecurity and technology enthusiast. Passionate about empowering people to succeed. Cycling buff.

Diegem, BEL

Elizabeth Mann

EY Americas Life Sciences and Health Cybersecurity Leader

Active mentor and sponsor for women in cyber and STEAM. Loves city life, wine, movies and theater. Driven by family, puppy, friends, colleagues and service.

New York, USA

Andy Ng

EY EMEIA Data Protection & Privacy Consulting Leader

Data Protection & Privacy Consulting leader in EY EMEIA. Thought leader in data loss prevention. Passionate about helping clients protect what the bad guys are after. Food lover.

London, GBR

Burgess Cooper

Ernst & Young LLP Information and Cybersecurity Consulting Services Partner

Cybersecurity evangelist. Technology enthusiast. Passionate biker.

Mumbai, IND

Jatin Sehgal

EY Global ISO Leader and EY CertifyPoint Managing Director

ISO management systems guru and subject matter professional for ISO implementation, training and certifications. Go-getter and entrepreneurial. Growth hacker, well-traveled and sport lover.

Amsterdam, NLD

Michelle Unger

EY Global Technology Officer – Consulting

Over 20 years immersed in technology at the forefront of AI, robotics and deep learning. Putting tech at the core of EY’s transformation and showcasing how clients can too. Champion of women in tech.

Mannheim, DEU

Matthias Bandemer

EY Germany Cybersecurity Services Leader

A passionate builder of a cyber-secure working world — protecting value and creating trust.

Munich, DEU

Piotr Ciepiela

EY Global Advisory Cyber Architecture, Engineering & Emerging Technology Leader

Industry leader in business-oriented technology innovations. Believer of the “from thought to finish” approach. Father of two.

Warszawa, POL

Matt Hynes

EY Global Cyber Transformation Leader

Passionate advocate of cybersecurity. Natural translator of “cyber speak” to plain English. Part-time fighter of bad guys. Full-time husband and father. Occasional DIY handyman.

Minneapolis, USA

Rob Belk

Principal, Cybersecurity Consulting, Ernst & Young LLP

Strategic cyber leader for whole of enterprise. Driven by amazing experiences of meaning and consequence. Father, husband, self-proclaimed musician.

San Diego, USA

Shawn Fohs

EY Americas Forensic & Integrity Services Privacy & Cyber Response Leader

Cybersecurity and digital forensics leader. Father of two daughters. Automotive enthusiast. Neurodiversity at work supporter.

New York, USA

Ayan Roy

EY Americas Identity and Access Management Leader

Building a secure and trusted working world combined with my philosophy to enable the business is my guiding principle in identity management. Photographer. Traveler and explorer. Father.

Irvine, USA

Matt Chambers

EY Americas Power & Utilities Cybersecurity Field of Play Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.

Houston, USA

Steve Ingram

EY Americas FSO Cyber Leader

Cyber Leader for EY Americas. Experienced in helping design and deliver global security strategies and operations in IDM, compliance, resilience, cybercrime; and responding to breaches and incidents.

New York, USA

John Hauser

EY Americas Transaction Support – Cyber Due Diligence Leader

Experienced cyber due diligence advisor. Certified Information Privacy Professional. Former FBI Special Agent. Two-time marathon runner.

Tysons, USA

Naoto Morishima

EY Japan Consulting Senior Manager

Pioneer in cybersecurity governance. All-round cybersecurity consultant. PADI Advanced Open Water Diver.

Tokyo, JPN

On the agenda (5)

Skip

west

Global Information Security Survey (GISS)

Discover

Technology

Featured: How can AI help us accelerate the pace of change the world needs

Discover

cybersecurity

Featured: Is your greatest risk the complexity of your cyber strategy?

Discover

Transformation Realized

Featured: How do you harness the power of people to double transformation success?

Discover

Risk leaders' agenda

Featured: What if the difference between adversity and advantage is a resilient board?

Discover

east

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Spotlight

Cyber and privacy leaders' agenda

Join the conversation

Cybersecurity leaders are looking to improve capabilities in the following areas:

Our latest thinking

Our latest thinking

Richard Watson

Alam Hussain

Kevin Janes

Kanika Seth

Angela Saverice-Rohan

Tom Schmidt

Andy Deprez

Elizabeth Mann

Andy Ng

Burgess Cooper

Jatin Sehgal

Michelle Unger

Matthias Bandemer

Piotr Ciepiela

Matt Hynes

Rob Belk

Shawn Fohs

Ayan Roy

Matt Chambers

Steve Ingram

John Hauser

Naoto Morishima

Insights

Trending topics

Spotlight

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Spotlight

Cyber and privacy leaders' agenda

Join the conversation

Reduce technology complexity

Reduce the attack surface

Align everyone behind cybersecurity

Unleash value

Cybersecurity leaders are looking to improve capabilities in the following areas:

Generative AI and machine learning

Passwordless authentication

Zero trust

DevSecOps

Our latest thinking

Our latest thinking

Richard Watson

Alam Hussain

Kevin Janes

Kanika Seth

Angela Saverice-Rohan

Tom Schmidt

Andy Deprez

Elizabeth Mann

Andy Ng

Burgess Cooper

Jatin Sehgal

Michelle Unger

Matthias Bandemer

Piotr Ciepiela

Matt Hynes

Rob Belk

Shawn Fohs

Ayan Roy

Matt Chambers

Steve Ingram

John Hauser

Naoto Morishima