Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

It is harder than ever to stay one step ahead of cybersecurity threats. New, more sophisticated adversaries — some operating autonomously and learning from generative AI models - are thriving in a landscape with multiple attack surfaces opened by hybrid and distributed work, cloud computing at scale, and the digitalization of everything. The stakes are high for CISOs.

"Secure Creators” are redefining cybersecurity in their industries. Secure Creators have fewer cyber incidents, were quicker to respond, and provided 1.5 to 2 times more positive impact on their organization in terms of value creation, innovation and responsiveness to market opportunities when compared to their lower-performing counterparts.

They accomplished this not by simply deploying the right technology, innovating effectively, communicating across their organizations and minimizing attack surfaces, but by executing each of those practices better than their peers.

Here are four actions CISOs can take to better prepare for today and tomorrow:

Emerging technology presents opportunities and challenges for cybersecurity leaders. Most organizations have an average of 44 security products that are often poorly integrated, difficult to maintain and support, and offer no overall visibility.

Secure Creators embrace technology but with an eye for simplicity. They are quick to experiment with novel solutions, with 72% saying they are early adopters of new technology versus 55% of “Prone Enterprises,” the weaker group in the survey. But they are also more likely to use security orchestration, automation and response, and are late-stage adopters of robotic process automation. This indicates an eye on innovations that cohere into an orchestrated, pan-organizational defense.

Why organizations should prepare for quantum computing cybersecurity now

This technology is finding its way out of research labs and into commercial applications, upending the norms of cryptography. Learn how to be ready.

How emerging technologies can usher in the dawn of pervasive intelligence

“Pervasive intelligence” will emerge through a massively distributed, digital connectivity and cloud fabric that will transform our economy. Find out more.

Fuad Siddiqui

Top 10 opportunities for technology companies in 2023

In a volatile business environment, will the bold be rewarded? Now is the time to invest and test the waters with new business models. Read more.

Ken Englund + 3
As organizations pursue digital transformation, they are coming to terms with increased cyber vulnerability. Cloud applications, 5G networks and the rise of remote and hybrid work arrangements, alongside infrastructures like VPNs, increase entry points for hackers. Software and physical supply chains increase risk, especially when the security of third-party partners isn’t guaranteed.

Secure Creators are more likely to be paying attention to supply chain risks than Prone Enterprises (39% vs. 20%). CISOs should be involved in vendor selection decisions and should help set partner relationships to bring higher levels of assurance to supply chains and to ensure there is a cyber lens to supply decisions.

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals. Learn more.

Quantum computing 5 steps to take now

Quantum computing promises to transform the world. Organizations are moving now to harness quantum and assess its opportunities and risks. Learn more.

Beatriz Sanz Sáiz + 2
CISOs don’t have to advocate for budget as much as they used to. According to the survey, budget, once a top internal challenge, was only ranked sixth out of eight in a list of obstacles. With resources in hand, CISO communications have evolved to focus on cyber readiness and training.

Secure Creators speak the language of the C-suite and boards in conveying the realities of the current moment and the continuous resource demands of the function. They also do a better job organizing training and designing best practices. While only half of respondents say their cyber training is effective, and only 36% are satisfied with non-IT adoption of best practices, this gap closes among Secure Creators, who are more satisfied with best practice adoption. Upskilling current cybersecurity workforces is by far the most popular tactic to prepare for future cybersecurity threats, cited nearly three times more than the next most popular tactic in the survey.
Why a superstore reinforced its cyber walls to protect its customers

Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.
Cyber-secure organizations can innovate to create value with fewer risks than their less-secure peers – Prone Enterprises. Organizations without Secure Creators may be hesitant to invest in unproven technologies that have the potential to be huge value drivers for early adopters.

Secure Creators are value creators, not just value defenders. Cybersecurity leaders in these organizations are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation (59% vs. 16% of CISOs from Prone Enterprises), ability to rapidly respond to market opportunities (58% vs. 28%) and ability to focus on creating value rather than protecting value (57% vs. 39%).
The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals. Learn more.

Cybersecurity leaders are looking to improve capabilities in the following areas:

AI is both friend and foe to CISOs. To tip the balance toward friendship, cybersecurity leaders are investing in AI- and machine learning-enabled tools to improve vulnerability testing, detect threats more quickly and build more adaptive security systems.

Generative AI models like generative adversarial networks (GANs) can create synthetic data that mimic real-word cyberattacks, making attack testing and response easier. In the real-world, generative AI-enabled threat detection tools are able to analyze large amounts of data in real time, allowing them to quickly detect anomalies and patterns that may indicate a cyberattack. If a threat is realized as a cyberattack, organizations can employ quickly-adaptive response systems that have been informed by huge datasets of historical breaches.
No matter the complexity, passwords by themselves are not as secure as they used to be. Organizations are using passwordless authentication to eliminate the risks associated with traditional password-based authentication methods.

Passwordless authentication replaces passwords with more secure methods, such as biometric authentication, hardware-based authentication or one-time passcodes sent via email or text message. This reduces the risk of phishing attacks, credential stuffing and password-related vulnerabilities.
A growing tech stack brings an expanded attack surface. Cybersecurity leaders are building zero trust architectures to deal with the near constant threat posed by attackers.

Zero trust architectures use a mix of technology and protocols to identify and grant access to users within and outside an organization’s network. By default, users are not trusted and are given the least amount of privilege possible within a network. Networks are segmented to prevent widespread access if one wall is breached and barriers like multifactor authentication (MFA) are deployed to make unauthorized access more difficult.

Organizations must adopt technology, but doing so doesn’t mean they have to be less secure.
Rapid technology development can create security gaps. DevSecOps (development, security and operations) can close these gaps by building cybersecurity into the development lifecycle, from design to production.

DevSecOps encourages collaboration and communication between developers, security professionals, and operations teams, allowing for a more holistic approach to cybersecurity. Building these practices into technology governance enables rapid deployment of security updates and patches, ensuring that systems are always up to date and protected against the latest threats.

Our latest thinking

Decoding the Digital Personal Data Protection Act, 2023

Understand India’s DPDP Act 2023 focusing on user data privacy regime and DPDP 2025 Rules update (13 November) on how personal data must be collected, processed, and secured.

Lalit Kalra

DPDP Rules 2025: Implications and roadmap

DPDP Rules 2025 are now notified, transforming India’s data privacy landscape. Watch EY Partners decode compliance actions, challenges and sector implications.

Navigating innovation and data privacy for children in the age of AI

Listen to our Cybersecurity Awareness month podcast on intersection of artificial intelligence (AI), DPDP Act and ethical considerations on data privacy for children.

14m 8s

Building a risk framework for Agentic AI

Build a robust risk framework for Agentic AI with EY’s multi-layered approach to governance, security, compliance, and responsible AI oversight.

Abbas Godhrawala

AI and data security in the age of digital convenience

AI offers convenience but raises data privacy risks. This podcast explores how to secure personal and organizational data in the age of AI.

21m 49s

How data fiduciaries should engage processors for effective compliance

Compliance checklist for data fiduciaries engaging processors: contract terms, security controls, audit rights and more under India’s data protection law.

EY India

Cyber insurance in India: From breach recovery to business resilience

Explore how AI, automation, and cybersecurity scoring are transforming Indian cyber insurance pricing, claims, and policies in a changing risk landscape.

Kartik Shinde

How Agentic AI can transform industries by 2028

Agentic AI: Transforming industries by 2028 with autonomous decision-making, improved efficiency, and ethical frameworks. Learn how it’s reshaping businesses.

Abbas Godhrawala

Impact of draft Digital Personal Rules on e-commerce sector

Explore the Draft Digital Personal Data Protection Rules 2025 & their impact on e-commerce, focusing on compliance gaps, data retention, and privacy risks.

Sujay Maskara

What fintech and payments firms must know to ensure data privacy

DPDP Act & Draft Rules 2025: Learn how fintech and payments firms can strengthen data security, ensure privacy compliance, and secure customer trust.

Aniket Bhosle

Redefining global privacy: The critical role of India’s GCCs

Explore the growing need for Privacy Centers of Excellence in India's GCCs, leveraging top talent, cost-effective operations, and robust data protection laws. Learn more.

Mubin Shaikh

How companies can secure language models against emerging AI cyber risks

Large Language Models (LLMs) cybersecurity explores risks, safeguards, and practical solutions to protect AI-driven systems against evolving cyber threats.

Mubin Shaikh

The digital payments ecosystem of India: Planning security today for a resilient tomorrow

Explore how India’s digital payments ecosystem can prioritize cybersecurity and compliance to ensure long-term resilience and consumer trust in 2025.

Aniket Bhosle

Transforming data privacy: Digital Personal Data Protection Rules, 2025

Explore India's Digital Personal Data Protection Rules, 2025, under the DPDPA Act, 2023, enhancing data privacy with clear rights and fiduciary guidelines. Learn more.

EY India

Tech-forward preventive vigilance to enhance governance

Embrace tech innovation for proactive fraud risk management and foster a culture of integrity with our tech-forward vigilance strategies.

Arpinder Singh

How enterprises can overcome automotive cybersecurity challenges

Delve into the complexities of automotive cybersecurity, discussing challenges, regulatory standards, and evolving trends in vehicle safety. Tune in now.

25m 24s

How next-gen SOCs will shape the future of cybersecurity

Learn how AI-enhanced SOCs, defense strategies & smarter risk management are shaping future of cybersecurity in our Cybersecurity Awareness Month podcast.

29m 56s

Next-gen protection: AI's role in cybersecurity

Dive into AI's transformative impact on cybersecurity in our podcast, exploring integration, challenges, and how it fortifies against emerging threats.

16m 30s

Strengthening cyber resilience: strategies for today’s digital landscape

EY India's cybersecurity podcast explores how businesses build resilience through strategic defenses & employee awareness amidst growing digital threats.

28m 7s

Tech Trend 06: Unleashing next-gen employee experience with digital and AI

Discover how AI is revolutionizing the workplace with EY's insights on next-gen employee experiences. Learn strategies to enhance engagement & productivity in our Tech Trend 06 update.

Ajay Gachhi

Responsible AI: Building A Sustainable Framework

Responsible AI solutions at EY embed fairness, transparency, data privacy and risk‑based AI governance to build a sustainable and ethical AI framework.

Kartik Shinde

Tech Trend 04: Digital twins: Creating intelligent industries

Discover how Digital twins technology will transform industries with intelligent operations, innovation & efficiency, while requiring strategic planning.

Ram Deshpande

Tech Trend 03: Empowering industries: The rising significance of industry clouds

Elevate your business with Industry Clouds! Explore their rising significance in empowering industries for enhanced efficiency and innovation.

Abhinav Johri

Tech Trend 02: Sustainable coding is the need for a greener tomorrow

Software's carbon cost exploding? Green coding, power-smart algorithms & hardware pave the path to a sustainable future.

Alexy Thomas

Tech Trend 01: AI-augmented software development: A new era of efficiency and innovation

Elevate software development with AI-augmented expertise. Unleash innovation through machine learning integration. Transform projects for optimal results.

Radhika Saigal

Tailored tech solutions built for every business need

EY India delivers technology solutions to drive digital transformation, improve efficiency, manage risk, and support industry-specific business goals.
Read more
Cybersecurity Managed Services

Cybersecurity Managed Services at EY provide strategic security solutions, ensuring effective security management to mitigate cyber risks for continued growth.
Read more
EY Cognitive Cyber Centre

EY Cognitive Cyber Centre is a integrated cybersecurity management platform that uses AI to equip businesses to detect, respond & prevent emerging threats.
Read more
Identity and access management

Discover how EY's identify and access management (IAM) team can help your organization manage digital identities for people, systems, services and users.
Read more
Cybersecurity, strategy, risk, compliance and resilience

Discover how EY's cybersecurity, strategy, risk, compliance & resilience teams can help your organization with its current cyber risk posture and capabilities.
Read more
Service Organization Controls Reporting (SOCR)

Discover how EY's SOCR team can provide an independent opinion on your service organization’s controls, to help build trust with partners and customers.
Read more
Data Protection and Data Privacy Services

Data protection & privacy services at EY ensures data security, lifecycle management, compliance frameworks, risk assessment & strategic privacy solutions.
Read more
Cybersecurity Due Diligence in M&A and Divestitures

EY enables deal success by identifying cyber vulnerabilities, quantifying risk & helping cybersecurity remediation during M&A, private equity transactions.
Read more
Next generation security operations and response

Discover how EY India's next generation security operations & response team helps organizations build programmatic and leading-class security operations.
Read more
Privacy & Cyber Response

EY India Privacy & Cyber Incident Response Services help businesses navigate complex cyber threats, strengthen resilience, and respond with confidence.
Read more
Cybersecurity Transformation

Discover how EY's Cybersecurity Transformation solution can help your organization design, deliver, and maintain cybersecurity programs.
Read more
FedRAMP Assessment for Cloud Service Offerings (CSO)

Find out how EY third-party FedRAMP assessment can help Cloud Service Offering (CSO) seamlessly navigate through the FedRAMP authorization stages.
Read more
Supply Chain Cyber Risk Managed Services

EY India Supply Chain Cyber Risk Managed Services help organizations safeguard against cyber threats & risks across suppliers and third-party ecosystems.
Read more

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Insights

Highlights

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Cyber and privacy leaders' agenda

Cybersecurity leaders are looking to improve capabilities in the following areas:

Gaurav Bhalotia

Murali Rao

Kartik Shinde

Mini Gupta

Sameer Paradia

Arpinder Singh

Harshavardhan Godugula

Insights

Highlights

Services

Spotlight

Industries

Case studies

Careers

Spotlight

About us

Top news

Cyber and privacy leaders' agenda

Reduce technology complexity

Reduce the attack surface

Align everyone behind cybersecurity

Unleash value

Cybersecurity leaders are looking to improve capabilities in the following areas:

Generative AI and machine learning

Passwordless authentication

Zero trust

DevSecOps

Gaurav Bhalotia

Murali Rao

Kartik Shinde

Mini Gupta

Sameer Paradia

Arpinder Singh

Harshavardhan Godugula