Professional Documents
Culture Documents
Deloitte Future of Cyber 2023
Deloitte Future of Cyber 2023
Global Future
of Cyber Survey
Building long-term value by putting
cyber at the heart of the business
2
No longer just an obligation or a collection of tech- We are excited about the future of cyber, and I
focused hygiene practices, cyber has grown into invite you to join us in exploring some of the key
a critical function for helping businesses deliver findings in this report. In addition to data derived
outcomes, and the results of Deloitte’s 2023 Future from the survey results, the report also includes
of Cyber Survey illuminate this. This year’s global observations and insights taken directly from
survey—Deloitte’s largest cyber survey to date— survey respondents, as well as additional Deloitte
polled leaders across industries in order to get a insights on cyber, cloud, and other technologies
clearer picture of where cyber stands and where it is enabling the future of business.
going. What we discovered is that cyber’s profile as an
enabler is growing. Among organizations of all sizes, Stay well,
cyber is consistently earning a place on the agenda,
becoming a focal point for business-critical initiatives
and investment.
Emily Mossburg,
Deloitte Global Cyber Leader
3
What’s inside
2 Methodology
How we developed the insights 7
Connecting maturity to value,
for the entire enterprise 15
3 The imperative
The future is cyber 8
Key insights 20
The future of cyber is coming into sharper focus as Today, a new reality is taking shape, based on Deloitte’s
organizations worldwide begin to look beyond the 2023 Global Future of Cyber Survey, which asked
tech-centric and threat focus toward the potential hundreds of leaders across industries and across the
positive outcomes they can achieve by deeply globe to share their views on cyber threats, enterprise
integrating cyber thinking and cyber actions across activities, and the future. The survey included C-suite
their businesses. executives across the enterprise, as well as other senior
leaders with responsibility for IT, security, and risk. This
The world is increasingly interconnected, bringing new reality is grounded by the following findings.
about new risks alongside the new growth
opportunities. Digital technologies, exponential Cyber is evolving into a distinct functional area of the
growth of data, and evolving business needs are business, transcending its traditional IT roots and
expanding attack threat surfaces and bringing new becoming an essential part of the framework for
challenges that elevate cyber as a strategic business delivering business outcomes.
issue. Collaboration across cyber, risk management,
and business units is critical to neutralizing
Relationship transformation
cyberthreats, protecting business value, and
“W
e’re starting to see a far more significant focus
sustaining customer trust.
on cybersecurity as an enterprise business risk.
Across the organization, there is a significant shift
In recent years, many enterprise leaders were
in partnership in viewing cybersecurity as a core
focusing on the continued transition to digital
ingredient of our transformation and not a side
business processes, as well as their technology
garnish or afterthought. We’re doing a lot in terms
environments and the rapid evolution of the cyber
of embedding cyber—whether it’s DevSecOps or
threat landscape. In fact, managing hybrid IT and
in product development—where we’re starting
digital transformation have emerged as two of the
to co-create with the (internal) partners to make
greatest challenges businesses face—solidifying
sure that we’re building things securely. It’s like
complexity as the new norm for the enterprise.1
cultural transformation.”
—Allan Cockriel, Group CIO/CISO, Shell
VIEW FROM THE TOP 5
Savvy boards
70%
“Boards clearly care about cybersecurity, and they
will allocate resources at an impressive level.
Boards are now educated enough to identify
Reported that cyber was where is their competent security leadership and
on their board’s agenda where is someone who’s buying their way out of
on a regular basis, either the problem. And as they recognize the difference,
monthly or quarterly. it’s going to change the senior executives’ and
board’s tolerance.”
—CISO, Consumer Organization
VIEW FROM THE TOP 6
54% 71%
“Projects, initiatives, business objectives can’t
be met without thinking through information
security and privacy impacts, and having that
embedded into the appropriate processes.
Companies with Companies with
We’re brought in during the ideation phase as
US$5 billion or more US$500 million to
it relates to business components and aspects.
in revenue are spending US$5 billion in revenue
Our strategy is 100% focused on supporting the
more than US$250 are spending less
business, recognizing that cyber and privacy do
million annually on cyber than US$250 million
not exist without the business. We want to ensure
annually on cyber
that we are meaningfully contributing to moving
the business forward, driving growth, and doing
so in a manner that’s compliant and secure.”
—Arno Van Der Walt, SVP and CISO, Marriott
METHODOLOGY 7
How we
Deloitte designed its 2023 Global Future of Cyber geographies, to glean more detailed insights and
Survey based on the complexity of today’s business to help validate our observations. Our approach
and technology landscape, focusing on the needs covered every aspect relevant to the future of cyber,
developed
of enterprise leaders who may recognize the from strategy to tactics to culture to technology
importance of cyber yet struggle to harness its value. implementation.
Deloitte based its research on a survey of more than
1,000 cyber decision-makers at the director level or At the core of this research, we focused our
the insights
higher (C-suite executives and C-suite direct reports), intentions and efforts on:
across 20 countries and limited to organizations • Exploring how cyber has changed since Deloitte’s
with at least 1,000 employees and US$500 million in 2021 report
annual revenue.
• Applying a forward-thinking lens, to help bring the
future of cyber into sharper focus
To accurately capture the increased impact that
cyber has on businesses today, we nearly doubled • Understanding the business value and impact of
Methodology the sample size from the 2021 research, from almost cyber that organizations are experiencing, and the
600 respondents to 1,110. Deloitte also conducted distinct actions leading organizations are taking to
in-depth interviews with a number of senior cyber gain more value from cyber
decision-makers across various industries and
35% 25%
Americas APAC
North America, South America Asia Pacific
40%
EMEA
Europe/Middle East/Africa
THE IMPERATIVE 8
By separating high-cyber-maturity organizations Put another way, cyber should be embedded across
from their medium- and low-cyber-maturity the broader business strategy. It should be included
counterparts, we can identify a distinct class of in every functional area, as an essential ingredient
cyber leaders and more fully understand the for success—to drive continuous business value, not
extent to which cyber underpins business success simply mitigate risks to IT.
and value.
Both the 2021 survey and this latest survey asked The continued importance of cloud brings with it the
respondents about their organizations’ digital complex cyber considerations that are inherent in
transformation priorities—to help identify which hosting data and applications off premises and often
technologies were important to the organization across various environments. While cloud—and cyber
and would, therefore, need to be considered as cloud—maturity varies considerably, findings in our
part of future cyber strategies. recent Future of Cloud Survey suggest that many
organizations are overcoming those concerns and
Compared to companies’ top two priorities in 2021, achieving highly positive outcomes for risk-related
cloud moved from the #2 spot to the #1 spot, cloud use cases. In fact, 83% of organizations say their
displacing data analytics. Operational technology/ cloud investments are driving positive outcomes in
industrial control systems and artificial intelligence/ terms of mitigating business and regulatory risk.2 This
cognitive computing remained in the top five, moving is a positive signal regarding maturing cyber cloud
up slightly. Joining the top-5 list this year is newcomer capabilities, shared responsibility models, and data
5G, reflecting the growing role of the standard in privacy programs being put into place.
organizations’ business ambitions.
HISTORICAL PERSPECTIVE 10
Digital
transformation
priorities
Then and now. 2021
2023
39 40
41 43
45
40 40 42 45
43
38
22 23
19 20
15 15 14 14 18
12
10
7 8 5 7
1 2 3 3 3 2 2
Cloud
Data analytics
5G
Internet of Things
Artificial Intelligence/
Cognitive computing
Blockchain/cryptocurrency
Metaverse
Quantum computing
Physical Robotics
At the top
“Everyone is having this (cyber) topping the
agenda, and they are incorporating that in the
design of the strategies, in the design of the
budgets, and in the design of their solutions.”
—CISO, Financial Services Organization Not at all To a small extent To a medium extent To a large extent
THEN AND NOW 12
38 38
31
29
Overall
14%
17 Overall
9%
13
11
91%
Overall
9 3% 9
8
4 4
Organizations reporting 2
at least one cyber
incident or breach.
1–5 events 6–10 events 11–15 events 16 or above None
Low cyber maturity (AL) (n=421) Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
THEN AND NOW 13
Meanwhile, operational disruption continues to be the In the context of these significant impacts, the need for Figure 3: Feeling the pain
most significant impact of cyber incidents, although a risk-based cyber strategy—across the organization’s Cyber incidents and breaches are resulting in the following negative consequences for organizations
loss of revenue and loss of customer trust jumped in ecosystem of cyber strategies, solutions, and controls— (Based on frequency of top 2 ranking in 2021, top 2 box selection in 2023)
the rankings—to second and third place—with 56% is ever more important for the future of cyber. A zero
of respondents reporting that they suffered related trust architecture can enable modern enterprise Negative consequences resulting from cyber incidents 2021 2023 2023
consequences to a moderate or large extent. One environments by strengthening security posture, and breaches (Rank) (Rank) (Percent)
potential hypothesis in play here: Organizations with a simplifying security management, and improving end-
higher level of maturity may view the impacts differently, user experience. And the journey to zero trust requires Operational disruption
1 1 58%
as they have a deeper understanding of what is actually a strategy aligned to business outcomes plus significant (including supply chain/or partner ecosystem)
happening in their business. Less mature organizations effort and planning, including addressing foundational Loss of revenue 9 2 56%
may be evaluating theoretical impacts. Regardless, cyber issues, automating manual processes, and
Loss of customer trust/negative brand impact 4 3 56%
high-maturity organizations do appear to be reaping planning for transformational changes to the security
significantly more positive benefits from cyber organization, the technology landscape, and the Reputational loss 5 4 55%
initiatives—including improved brand reputation and enterprise itself.3 Defunding of a strategic initiative N/A 5 55%
trust, operational benefits, and financial benefits. Low-
Loss of confidence in tech integrity N/A 6 55%
and medium-maturity groups seem more likely to gain
benefits around brand reputation and improving trust, Negative talent recruitment/retention impact 8 7 54%
as opposed to other areas. Intellectual property theft 2 8 54%
Drop in share price 3 9 52%
Regulatory fines 7 10 52%
Change in leadership 5 N/A N/A
what it means to To define cyber maturity and identify the high performers who are shaping the future of cyber, we used three
sets of leading practices to rate organizations:
While CISOs can serve as organizational The high-maturity organizations that we identified
champions for cyber, many of these leading recognize the effectiveness of distributing cyber
practices only become possible through responsibilities throughout the organization. Such
enterprisewide engagement. efforts align with Deloitte’s common guidance of
embedding cyber professionals within business
That can take the form of: units, or at least having someone in each business
• Having a governing body that comprises unit with a clear responsibility for coordinating
IT and senior business leaders to oversee the with the cyber team. They are 31% less likely to cite
cyber program inadequate governance across their organization as
a top challenge in managing cyber (35% for low cyber
• Conducting incident-response scenario planning and
maturity vs. 34% for medium cyber maturity vs. 22%
simulation at the organizational and/or board level
for high cyber maturity).
• Regularly providing cyber updates to the board,
to secure funding
• Annual cyber awareness training among
all employees
WHY MATURITY MATTERS 16
55%
Enhances trust
Enable efficiency
Detects potential
problems sooner
Improves resilience
Increase agility
Provides confidence
to try new things
Highly mature
organizations said cyber
provides them with
confidence to try new
things.
Low cyber maturity (AL) (n=421) Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
WHY MATURITY MATTERS 18
Figure 6: Reaping real benefits The highest-performing organizations also were more And based on the data from our 2023 Global Future
Cyber initiatives are making a positive contribution in the following areas likely to report positive contributions from their cyber of Cyber Survey, global organizations can clearly see
(Percentage) initiatives in areas such as improved brand reputation the connection to benefits including trust. While
(64%), increased revenue (47%), improved operational organizations that are investing in cyber are seeing
stability involving the supply chain and partner significant gains across a range of value measures,
ecosystem (59%), talent recruitment and retention the highest performers get more of that value across
(49%), long-term sustainability (64%), improved every strategic measure (Figure 6).
64 64 customer trust and brand impact (62%).
62 62 61
59 59
56 Trust is an issue of paramount importance when
53 it comes to cyber. As an “ecosystem” that can help
49 50
47 47 deliver outcomes, trust needs to be built with all of
45 your human stakeholders. A trusting workforce, for
42 Customer expectations
39 example, achieves 2x improved customer satisfaction,
38 37 “The customer—my personal guess—is not
36 35 35
36 35 and customers who trust a brand are 88% more likely
33 34 34 willing to pay a lot extra for cybersecurity (in our
31 31 31 to buy again. Building customer trust also affects
29 29 30 products). They will expect to have it. It will be a
27 27 27 27 27 partners and improves up to 4x market capitalization,
25 26 25 differentiator.”
24 with trusted companies ultimately outperforming
22
their peers by up to 400%. — CISO, Automotive Organization
400%
Improved digital trust (for
customers and employees)
Improved customer
Minimized Intellectual
Improved brand reputation
in tech integrity
Increased talent
recruitment/retention impact
or partner ecosystem
Increased resiliency
property theft
Increased revenue
Increased funding
of a strategic initiative
Improved agility
Low cyber maturity (AL) (n=421) Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
WHY MATURITY MATTERS 19
One other area in which highly mature cyber cloud, infrastructure security, and application security.
organizations exceeded their peers in the low and Meanwhile, a minority of low- and medium-maturity
medium group: the value they are seeing from using companies reported value across those areas.
third-party cyber services.
Importantly, to take advantage of the value that third-
A majority of these high performers reported party cyber services can bring, organizations should
Lessons to learn:
measurable value when it came to third-party services consider ways they can manage their growing services Following the leaders
for cyber strategy, data protection and privacy, cyber ecosystems and the inherent complexity (Figure 7).
Data protection
and privacy
Cyber cloud
Application security
Infrastructure
security
Low cyber maturity (AL) Medium cyber maturity (AM) High cyber maturity (AN)
KEY INSIGHTS 20
1
Multidirectional engagement
2
Criticality to digital transformation initiatives
As we have already noted, high-performing High-maturity organizations are much more likely to Managing these risks can have a major impact on Aiming for results with AI
organizations engage the entire organization in cyber value cyber as central to key digital transformation an organization’s AI efforts. In fact, the AI survey “But in a nutshell we are promoting our
activities. While high-maturity organizations, by priorities (Figure 8). found that 50% of respondents cited management knowledge and awareness (about cyber), as
definition, leverage more cyber leading practices than of AI-related risks as one of the top inhibitors to well as quantum computing and metaverse—
their medium- and low-maturity counterparts, the Adoption of these digital transformation priorities is scaling AI projects. Despite such sentiments, only AI too—while approaching cybersecurity as
disparities in organizational engagement are among essential to ensuring operational agility and business 33% of respondents have aligned their AI risk the enabler for the business.”
the starkest. success. But each carries significant cyber risks, and management with their organization’s broader risk
—Mesfer Almesfer, CISO, NEOM
high-maturity organizations may be especially attuned management efforts. However, 33% of high-outcome
Leadership. High-maturity organizations are nearly to that reality. surveyed organizations and 29% of low-outcome
three times as likely as low-maturity organizations, and surveyed organizations do engage outside vendors to
nearly twice as likely as medium-maturity organizations, For example, AI can be an enabler of cyber strategies independently audit their AI systems.
to have a governing body comprising senior business and companies’ digital business ambitions, but it
and IT leaders, to oversee their cyber programs (60% also introduces the potential for cyber risk that can
high vs. 36% medium, 22% low). come with any digital technology. Beyond the leading Figure 8: Evolving with cyber
practices we have highlighted here, our recent State How each maturity group views cyber’s importance to specific digital transformation initiatives
Scenario planning. Similarly, high-maturity of AI in the Enterprise survey report also underscores (Percentage)
organizations are three times as likely as low-maturity how engaging in specific risk-mitigation steps can also
71
organizations, and twice as likely as medium-maturity help drive better outcomes, such as cost reduction 66
64
organizations, to conduct incident-response scenario and entry into new markets. AI-related risks represent 61 61
planning at the organizational and/or board level (60% an issue of high importance to organizations. It also
high vs. 30% medium, 20% low). found explainability and transparency in AI decisions, 48
data privacy or consent mismanagement, and safety 42 41 40
38 37
concerns about AI systems, among others, all loom 33 34 33 34
large as ethical risks that concern organizations.5
Low cyber maturity (AL) (n=421) Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
KEY INSIGHTS 21
3
Robust planning
Planning is proving to be paramount for creating Figure 9: The planning reality, across maturity groups
cyber strategies that effectively mitigate risk and Organizations that are fully implementing these actions
drive business value. And the high-performing (Percentage)
organizations identified in this report appear to be
abundantly aware of planning’s importance (Figure 9).
Overall
Overall
62% Overall
Overall
59% 58% 58% Overall Overall
Highly cyber-mature organizations are more likely to 57% 56% Overall
have robust plans in place, with elements that may 91
Overall 51%
include:
89
87 88 54%
85 85
• A cybersecurity incident-response plan that 80
77
gets updated and tested annually (87% of high-
maturity organizations)
• An operational and strategic plan to defend 61
against cyber threats (91%) 55 56 55 55
53
51
• A comprehensive plan to assess how it 47
46 45 45 45
protects data in each step, covering where that 44 44 43
42
data is stored, processed, and transmitted (88%)
91%
High-maturity
An operational
and strategic
plan to defend
Annual
cybersecurity
awarenesss
A cyber
security
incident
Compre-
hensive plan to
assess how we
Cybersecurity
risk program
to monitor and
Action plan for
continuously
improving and
Purchasing
cybersecurity
Insurance
Ongoing,
voice-of-the-
customer
against training among response plan protect data in track the developing the input to
organizations an
cybersecurity all employees that gets each step as to security organization’s cybersecurity
operational and threats updated and where that posture of our hygiene with and data
strategic plan to tested data is stored, partners and cyversecurity privacy
annually processed, and suppliers and preferences
defend against transmitted information
cyber threats. security
Low cyber maturity (AL) (n=421) Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
KEY INSIGHTS 22
4
Appreciating and investing in talent
Cyber issues and activities are ultimately about Overall, high-maturity organizations appreciate the Figure 10: How they are tapping their talent
people—whether it is an attacker trying to exploit importance that experienced talent can bring to Strategies organizations are taking to engage, retain, and develop existing talent
vulnerabilities, decision-makers responsible for cyber cyber efforts, and they are taking meaningful steps to
strategies and tactics, or the frontline employees retain valuable talent. High-maturity organizations are
Overall
running digital business processes and cyber significantly more likely to cite a lack of skilled cyber 54%
Overall
50%
programs. Strong talent—in the form of people who professionals as a top challenge in managing cyber
are skilled, experienced, and cyber-focused—is a (47% high cyber maturity vs. 38% medium, 37% low).
64
prerequisite for strong performance. Looking beyond 63 Overall
45%
traditional talent profiles has become crucial for For more mature organizations, their robust programs
securing the right people to drive cyber initiatives. may be part of the talent challenge. As they engage Overall Overall
40% 39%
For example, a customer experience designer might more broadly and deeply in cyber-related activities, 53
54
Overall Overall
bring needed insights for cyber initiatives, helping they may find that they have stretched their teams 50 39% 36%
49
to identify potential vulnerabilities when it comes to and capabilities to the maximum, and they may 48 48
transactional processes, data collection, or privacy. recognize the need to bring in more people with
43 43 43 43
advanced and diverse skills to support their more 42
Attracting and retaining talent—the right talent—is mature programs.
38 38
difficult. Stress and other pressures come naturally 37 37 37 37
with any position of cyber responsibility. And it can But are low-maturity organizations really not facing 34
33
be intense. In fact, one respondent interviewed as the same level of talent challenges—or are they simply
part of the study—a financial industry leader in the not putting enough emphasis on having the right skills
United Kingdom—pointed out that his designation as in place? If the latter, emphasizing talent acquisition
a “senior responsible manager” means that cyber risk should be a priority—and something that ultimately
effectively sits with the CISO and that “there could be could help them become more mature organizations
serious, personal consequences” for certain events. It (Figure 10).
is also a powerful argument for the inherent business
focus of cyber—and how responsibility should
transcend a single enterprise role or department.
Low cyber maturity (AL) (n=42)1 Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
KEY INSIGHTS 23
5
A diverse ecosystem of tools and services While deploying tools and services increases cyber
readiness, it also creates a need for strong ecosystem
Figure 11: Relying on others
Organizations are using third-party cyber services providers in these areas
As they look to lead in the future of cyber, high- planning, management, and operations. Working
maturity organizations are acutely aware that they with multiple vendors to solve complex, evolving
cannot do it alone. They must rely on an extended problems—and to run, monitor, and update cyber 88
85
ecosystem of technologies, capabilities, and external capabilities as part of an integrated environment—
82 82 81 81
offerings to create future-facing cyber capabilities presents its own set of complex needs. 80
that can also support business value.
73 74
Ironically, the complexity that can come with 72
71
71
69 70
Compared with their low- and medium- multiple cyber vendors could provide an entrée to 68 67
64 65
performing counterparts, these high-performing new risks, including breaches. In some situations, 62 61 61 62 60
62
organizations are more likely to have in place a consolidating vendor oversight is one way to bring 60 60
broad assortment of products and services from simplicity to the challenge. 55
third parties (Figure 11), including:
• Application Security As the average number of cyber vendors used
is expected to increase in the next two years, so
• Cyber Cloud
does the case for simplifying and consolidating
• Cyber Strategy oversight. One other approach to consider: working
• Data Protection and Privacy with convening bodies, such as industry groups,
• Detect & Respond to better understand technology developments
and emerging practices that can influence how you
• Emerging Technologies (OT, 5G, AI Quantum
manage your ecosystem.
Computing)
• Identity and Access Management
• Infrastructure Security
• Recover & Transform
Cyber cloud Data Application Infrastructure Cyber Emerging Identity Detect and Recover and
protection security security strategy technologies and access respond transform
and privacy (OT, 5G, AI management
Quantum
Change in behavior Gaining perspective Computing
The use of automated behavior-analytic tools “A 100% internal strategy doesn’t work. It doesn’t
to detect and mitigate potential cyber risk scale; it doesn’t work and it has a tendency that Low cyber maturity (AL) (n=421) Medium cyber maturity (AM) (n=458) High cyber maturity (AN) (n=231)
indicators among employees has increased it becomes an ivory tower. We work with a wide
significantly. In this survey, 76% of respondents range of partners, and this is mainly to get new
reported using such tools; in the 2021 survey, ideas and to help in guiding us strategically.”
53% reported using them. — CISO, Automotive Organization
OUTLOOK 24
So where do
we go from here?
If enterprise leaders expect their businesses to be able to expand
and grow, they should expect cyber to be an integral part of their
plans. Cyber should also be an integral part of all the tools they will
use to support their business ambitions going forward.
The days of “cyber as an afterthought” are For starters, a zero trust approach should be
gone. And for any business, new technological central to your efforts involving new technology.
capabilities will be more effective when strong By removing the assumption of trust from the
cyber strategies are part of the picture. Emerging security architecture and authenticating every
technologies will bring along with them innovative action, user, and device, zero trust helps enable
solutions that can support future business a more robust and resilient security posture. The
models and also present unforeseen challenges organizational benefits are complemented by a
on the cyber front. How will you harness these considerable end-user perk: seamless access to
technologies for business value while ensuring that the tools and data needed to work efficiently.
your cyber strategies and investments keep pace?
“We will have a more diverse range of digital When it comes to adopting innovations, begin with Looking ahead
solutions, including highly business-specific or your strategy and understand the technologies
data-intensive ones like AI and supercomputing, available that support that strategy from a cyber Sensing the risks and opportunities inherent in new Meanwhile, AI, which remains among the top 5
which require a constant update on how our cyber perspective—then apply a critical lens. How does the technology is one way to keep up with the evolving priorities in the survey, can help organizations address
environment is effectively protected and meets use of a data service or platform, for example, align threat landscape. You do not want your cyber efforts to complexity on a number of fronts, including cyber. As
regulatory standards.” with your purpose, reinforce your ability to create have to play catch-up with fast-moving tech trends. The organizations struggle with security breaches, cyber AI
—Charlie Huang, Data Protection Officer, BASF trust, and open up the organization to risks and less prepared you are for technological change, the less can be a force multiplier, enabling security teams not
threats? From there, work to apply the right solution prepared you are for managing cyber risk. only to respond faster than cyberattackers can move
for the right needs. but also to anticipate these moves and act in advance.
One case in point is the rising importance of 5G, which With AI and automation, organizations could also
appeared as a new entrant on this survey’s list of eliminate the tedious functions of some analysts—and
top 5 digital transformation priorities. While 5G can then train those analysts for more strategic roles that
enable new use cases—such as telemedicine, asset may be challenging to fill.
tracking in manufacturing, and augmented reality
for advanced training—it also presents a large attack And it is never too early to begin thinking about
surface. Designing and embedding security from the technologies that are much farther down the road,
start will be crucial for 5G adoption, but it also will bring including quantum computing, which only 4% of survey
a tremendous amount of complexity. respondents said would be a digital priority in the
next few years. While quantum computing unleashes
tremendous potential computing power for the
enterprise, it also can provide a tool for cyberattackers
to wield—and calls for a new enterprise footing of
“quantum readiness.”
Security by design
“We’re actually investing in what we call ‘secure
by design’ to make sure that security is one of the
many elements of our value proposition. We are
investing in policies, tooling, and controls across
the software and product lifecycles to ensure we
are creating great—and secure—technology. Our
customers expect it.”
—Allan Cockriel, Group CIO/CISO, Shell
CONCLUSION 26
Onward
The future of cyber and the future of business are tightly Get started
intertwined. How you embed cyber thinking, planning,
and action into all of your business initiatives will directly How you approach cyber says a lot about how you will approach the
future of your business, and how well you will achieve your business
influence the success of those initiatives. aims. No matter where you are today—and no matter where you want to
go—it helps to start with a clear understanding of what is possible and
what may lie on the road ahead.
Put another way: cyber is foundational. It is the Brand reputation. Customer trust and loyalty. Acknowledgements
bedrock for enabling and sustaining the digital trust Operational stability. Revenue growth. It is all Ian Blatchford, Scott Buzik, Luca Covolo, Deborah Elder, Jaya Gopalan,
on which the future of your business will stand. connected to how well you plan and execute Jeremy Guterl, Matthew Holt, Dan Konigsburg, Daphne Lucas, Diana
As business continues to shift ever more sharply when it comes to cyber—on how strong you Kearns-Manolatos, Emily Mossburg, Mike Nash, Kelly Nelson, Jud Payne,
into the digital realm, creating effective digital make your cyber foundation. Thinking “cyber Sean Peasley, Ashley Reichheld, Heather Saxon, Daniel Soo, Scott Tillett,
ecosystems will depend on creating effective cyber first” is imperative—when embarking on new Niels van de Vorle, Marius von Spreti, Emily Werner
strategies that drive business outcomes. cloud initiatives, when developing new products
and services, when adding third parties to your Contacts
ecosystem, and when providing your workforce with
Emily Mossburg Peter Wirnsperger César Martín Lara
new tools. And the importance of cyber is woven
Global Cyber Leader Central Europe Spain Cyber Leader
throughout all other digital imperatives, such as the emossburg@deloitte.com Cyber Leader cmartinlara@deloitte.es
need for insights, platforms, connectivity, effective +1 571 766 7048 pwirnsperger@deloitte.de +34 914381416
+49 40 320804675
experiences, and integrity.
Ian Blatchford Deborah Golden
Asia Pacific Cyber Leader Niels van de Vorle United States
iblatchford@deloitte.com North and South Cyber Leader
+61 474 288 278 Europe Cyber Leader debgolden@deloitte.com
nvandevorle@deloitte.nl +1 571 882 5106
Amir Belkhelladi +31882882186
Canada Cyber Leader
abelkhelladi@deloitte.ca
+1 514 393 7035
27
Endnotes
1. Deloitte 2021 Future of Cyber Survey.
2. Closing the cloud strategy, technology, and innovation gap. Deloitte US Future of Cloud Survey Report, 2022.
3. Future of Digital Trust: Driving forces, trends and their implications on our digital tomorrow. Deloitte. 2021.
4. The Four Factors of Trust: How Organization Can Earn Lifelong Loyalty.
5. Fueling the AI transformation: Four key actions powering widespread value from AI, right now. Deloitte’s
State of AI in the Enterprise, 5th Edition report, October 2022.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member
firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte
Global”) and each of its member firms and related entities are legally separate and independent entities, which
cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related
entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services
to clients. Please see www.deloitte.com/about to learn more.
Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax
and related services. Our global network of member firms and related entities in more than 150 countries
and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies.
Learn how Deloitte’s approximately 330,000 people make an impact that matters at www.deloitte.com.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited
(“DTTL”), its global network of member firms or their related entities (collectively, the “Deloitte organization”)
is, by means of this communication, rendering professional advice or services. Before making any decision or
taking any action that may affect your finances or your business, you should consult a qualified professional
adviser. No representations, warranties or undertakings (express or implied) are given as to the accuracy or
completeness of the information in this communication, and none of DTTL, its member firms, related entities,
employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or
indirectly in connection with any person relying on this communication. DTTL and each of its member firms,
and their related entities, are legally separate and independent entities.