As companies become more reliant on digitisation to drive growth, they are now focused on integrating cybersecurity across business functions to drive transformation plans.
According to a new report, 83% of leaders in the C-suite say they are “guided by strategy” when it comes to improving their companies’ cyber-maturity, as cybersecurity execution becomes more integrated across business functions. They agree that embracing a number of strategic actions, including benchmarking and measurement, are an integral part of their overall cybersecurity strategy.
The Promise of Cyber: Enhancing Transformational Value Through Cybersecurity Resilience, Deloitte’s fourth global report on the future of cyber, found that C-suite confidence around cybersecurity is a mixed bag, with many organisations trialling different ways to grow their processes.
The report defines cyber-mature organisations as those that are more resilient when cyberthreats occur to enable critical business continuity.
Fifty-two per cent of respondents are “very confident in the C-suite and board’s ability to adequately navigate cybersecurity”, the report said. “Respondents in high-cyber-maturity organisations anticipate almost two times the positive business outcomes compared with their peers.”
However, only 34% of C-suite executives focused on cybersecurity are very confident their company can navigate these issues effectively, the report said.
One factor steering this doubt is the increase in complex cyberattacks, with 40% of respondents saying they have publicly reported six to ten cybersecurity breaches in the past year.
Deloitte surveyed 1,200 cyber decision-makers across 43 countries.
Investment and budget strategy
To increase resilience, companies plan to allocate more money to cybersecurity. More than half of respondents (57%) expect to increase their budget for cybersecurity over the next 12 to 24 months, the report found.
For many executives, this means developing more integrated budget plans. Fifty-eight per cent of respondents indicated that they expect to begin integrating their cybersecurity spend with budgets for other programmes, such as digital transformation initiatives, IT programmes, and cloud investments.
Not all leaders are on the same page. Many (55%) also expect to see spending remain siloed, with 25% saying they see both integrated budgets and continued siloed spending in some areas in their companies, the report said. This suggests that leaders are taking different approaches to finance cyber investments.
“A cyber-mature organisation understands that cybersecurity is not just an IT issue but a business-critical imperative that requires integration across all functions and levels of the organisation,” the report said. “By fostering such strong cybersecurity connections, organisations can enhance collaboration, information sharing, and decision-making related to cybersecurity.”
Integration as a transformation journey
As cybersecurity investment gains a foothold in various departmental budgets, C-suite leaders also noted that integrating cyber strategy across technological and business functions is crucial for growth, trust, and innovation.
“More than 80% of respondents say they are integrating privacy considerations into the early stages of product development, for example, which can help safeguard customer data and foster greater digital trust,” the report said. “Ultimately, the growth of business, customer, data, and digital trust depends on cyber.”
Organisations that travel along a path to cyber-maturity, the report said, will better integrate cybersecurity risk strategies, security practices, and trust-building approaches into business and technology transformation.
On average, 86% of respondents are implementing actions to a moderate or large extent to increase cyber strategies and actions, the report said, with 85% optimistic those actions will achieve desired business outcomes.
— To comment on this article or to suggest an idea for another article, contact Steph Brown at Stephanie.Brown@aicpa-cima.com.