There are notable gaps in organisations’ abilities to meet the cybersecurity demands of the future, the ‘2019 Future of Cyber’ survey conducted by consulting multinational Deloitte found.
The findings indicate that many organisations are challenged in ensuring prioritisation of cyber risk across the enterprise (16%), followed closely by a lack of management alignment on priorities and adequate funding, each at 15%, Deloitte said in a statement on Thursday.
“Cyber leaders are focused on digital transformation as a catalyst for change for the broader enterprise and their cyber agendas. The survey results show that organisations are no longer taking a wait-and-see philosophy to preparing for and responding to cyber incidents,” said Deloitte Risk Advisory Africa cyber leader Eric Mc Gee.
Cyber is growing and moving in multiple dimensions across multiple disciplines – beyond an organisation’s perimeter and information technology environments, permeating the products it creates, the factories where it makes them, the spaces where its employees conceive them and where its customers use them.
There is a whole new mindset as to how organisations are going to achieve their business outcomes, which requires a “cyber everywhere” mindset, he added.
However, the findings of the survey of 500 C-suite cybersecurity executives at companies with at least a $500-million turnover also suggested that there was still much work to do in aligning cyber initiatives with executive management’s digital transformation priorities.
“There is a gap that must be bridged, with finite budgets and resources, as well as a lack of prioritisation by executive management. The overall consensus was that many organisations are not fully equipped to efficiently and effectively tackle today’s cyber demands,” said Mc Gee.
Half of organisations (49%) have cybersecurity on their board agenda at least quarterly. Conversely, half of boards are not discussing cyber as often as they should. More concerning is that only 4% of respondents say cybersecurity is on the agenda once a month.
While organisations are prioritising digital transformation, only 14% of cyber budgets are allocated to provide for cybersecurity in transformation efforts. Less than 20% of organisations have security liaisons embedded within business units to foster greater collaboration, innovation and security.
Organisations are also turning to third parties to manage certain functions of their cyber operations. For 65% of the Chief Information Security Officers (CISOs) surveyed, 21% to 30% of total cyber operations are outsourced, with nearly half (48%) of CISOs selecting insider threat-detection as a top function that they turn over to third parties to manage.
“There is a disconnect between the 85% of the survey respondents who indicate that they are using Agile/DevOps in application development and then ranking DevSecOps lowest (11%) on the cyber defence priorities and investment areas, which may explain why 90% of organisations surveyed experienced disclosures of sensitive production data within the past year,” highlighted Mc Gee.
Further, data integrity (35%) was the cybersecurity threat respondents were most concerned about, followed by unintended actions of well-meaning employees (32%) resulting in a negative event, and then technical vulnerabilities (31%).
As organisations embrace digital transformation and shift to the cloud, the complexity of technology infrastructure increases and workloads are outsourced to third parties, expanding their cyber risk, he averred.
“Cyber will become more prolific across systems, platforms and people — employees, customers and partners. Deloitte notes that enterprise leadership will have to correlate all of that to stay ahead of the adversary and protect the organisation’s most valuable assets,” said Mc Gee.