Deloitte Global’s Future of Cyber survey shows how organizations around the world are adapting to a shifting threat landscape by amplifying the CISO role and prioritizing cyber-savvy boards
- The threat landscape is evolving as reported threats related to data-loss- impacted 28% of organizations in 2024, up by 14% vs. last year.
- 57% of respondents anticipate increasing their budget for cybersecurity over the next 12 to 24 months.
Deloitte Global released the fourth edition of the Global Future of Cyber survey, which found that cybersecurity is increasingly becoming a cornerstone of many organizations’ growth strategies and business plans amidst today’s advanced and complex threat landscape. The findings from Deloitte Global’s largest cyber-related survey to date show how decision-makers are shifting their responses to cyber threats. Among other strategies, businesses are increasing the responsibility and strategic influence assigned to chief information security officers (CISOs), promoting further involvement from the board on cybersecurity-related matters, and turning to measures like artificial intelligence (AI).
In recent years, the ever-evolving tech environment has led Deloitte to identify organizations based on their level of cyber-maturity in the survey findings. Key indicators of a high-performing, cyber-mature organization include increased efforts of cyber planning, implementation of key cybersecurity activities, cyber engagement at the board level, and deployment of AI within their cyber programs. This year’s survey reinforces the urgency of securing cyber systems, as 25% of respondents from cyber-mature businesses reported 11 or more cybersecurity incidents in the past year, a 7% increase of incidents since the 2023 survey.
Stemming from the climbing number of cyberattacks, the report underlines the growing responsibilities CISOs are having as important allies to their CEOs and boards, particularly as their influence expands across an increasingly tech-savvy C-suite. One aspect in making the role exceedingly important has been the growing wave of AI-generated threats, which can target enterprises to exploit vulnerabilities by impersonating trusted sources. While the CISO’s expertise gains value, organizations are turning simultaneously to AI-enabled tools to strengthen cybersecurity and combat risks. Each of this suggests an increasingly integrated cyber function across business and technology:
- Around one-third of respondents report a significant increase in CISO involvement during strategic conversations about tech-related capabilities in the past year.
- Over the last decade CISOs have traditionally reported to the chief information officer (CIO), however they are increasingly gaining the ear and trust of CEOs, as 20% of decision-makers revealed their CISOs now report directly to their CEO.
- Cyber is playing a large role in securing an organization’s investment in tech capabilities, particularly when it comes to priority areas such as cloud (48%), Generative AI (41%), and data analytics (41%).
- On average 39% of respondents are using AI capabilities in their cybersecurity programs to a large extent.
“The rise of AI and other evolving technologies has significantly transformed the threat landscape. As threats become more sophisticated and impactful to core business, CISOs are increasingly required to adopt a more strategic role driving cross business risk prioritization and mitigation,” says Emily Mossburg, Deloitte Global Cyber Leader. “The close relationship between CISOs and CEOs is a testament to the role security plays in a business’s long-term success. Today, CISOs are not only protectors against outside threats, but key players helping their organization find success by integrating cyber considerations in the strategic decision-making process.”
Organizations continue to embrace cyber as an essential component of their enterprise tech stack, budgeting strategies, and future business plans. They also increasingly rely on technology-driven programs to fuel growth and innovation. As business leaders realize the potential of cyber, the report finds:
- The top three expected outcomes from cybersecurity initiatives are protecting intellectual property (46%), improving threat detection and response (44%), and increasing efficiency and agility (44%).
- Overall, 83% of respondents agree or completely agree that measures like qualitative risk assessments and benchmarking are an integral part of their overall cybersecurity strategy.
- 58% of respondents also expect to begin integrating cybersecurity spending with budgets for other programs, such as digital transformation initiatives, IT programs, and cloud investments.
“This year’s report highlights how the connection between cybersecurity and business outcomes continues to grow stronger, enabling cyber to have greater impacts in achieving organizational objectives” adds Mossburg. ”The increased reliance organizations have on their technology-driven programs is evolving the CISO roles and their cyber initiatives into essential components in driving business growth in a tech-powered future.”
