Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

Join the conversation 

#TransformationRealized

 

 Linked in twitter

It is harder than ever to stay one step ahead of cybersecurity threats. New, more sophisticated adversaries — some operating autonomously and learning from generative AI models - are thriving in a landscape with multiple attack surfaces opened by hybrid and distributed work, cloud computing at scale, and the digitalization of everything. The stakes are high for CISOs.

“Secure Creators” are redefining cybersecurity in their industries. This cohort of organizations was identified in the 2023 EY Global Cybersecurity Leadership Insights survey, which polled 500 global c-suite experts to assess their current cyber performance, their readiness for emerging and future threats, and their chief challenges. Secure Creators have fewer cyber incidents, were quicker to respond, and provided 1.5 to 2 times more positive impact on their organization in terms of value creation, innovation and responsiveness to market opportunities when compared to their lower-performing counterparts.

They accomplished this not by simply deploying the right technology, innovating effectively, communicating across their organizations and minimizing attack surfaces, but by executing each of those practices better than their peers. 

Here are four actions CISOs can take to better prepare for today and tomorrow: 

  • Reduce technology complexity

    Emerging technology presents opportunities and challenges for cybersecurity leaders. Most organizations have an average of 44 security products that are often poorly integrated, difficult to maintain and support, and offer no overall visibility.

    Secure Creators embrace technology but with an eye for simplicity. They are quick to experiment with novel solutions, with 72% saying they are early adopters of new technology versus 55% of “Prone Enterprises,” the weaker group in the survey. But they are also more likely to use security orchestration, automation and response, and are late-stage adopters of robotic process automation. This indicates an eye on innovations that cohere into an orchestrated, pan-organizational defense.

    Why organizations should prepare for quantum computing cybersecurity now
    Why organizations should prepare for quantum computing cybersecurity now

    Quantum technology is finding its way out of research labs and into commercial applications, upending the norms of cryptography.

    14 Apr 2023 Jeff Wong

    How emerging technologies can usher in the dawn of pervasive intelligence
    How emerging technologies can usher in the dawn of pervasive intelligence

    “Pervasive intelligence” will emerge through a massively distributed digital connectivity and cloud fabric, transforming our economy.

    27 Oct 2022 Fuad Siddiqui

  • Reduce the attack surface

    As organizations pursue digital transformation, they are coming to terms with increased cyber vulnerability. Cloud applications, 5G networks and the rise of remote and hybrid work arrangements, alongside infrastructures like VPNs, increase entry points for hackers. Software and physical supply chains increase risk, especially when the security of third-party partners isn’t guaranteed.

    Secure Creators are more likely to be paying attention to supply chain risks than Prone Enterprises (39% vs. 20%). CISOs should be involved in vendor selection decisions and should help set partner relationships to bring higher levels of assurance to supply chains and to ensure there is a cyber lens to supply decisions.

    The CIO Imperative: How emerging tech can accelerate a path to sustainability
    The CIO Imperative: How emerging tech can accelerate a path to sustainability

    Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals.

    15 Feb 2023 Tom Loozen

    Quantum computing: 5 steps to take now
    Quantum computing: 5 steps to take now

    Quantum computing promises to transform the world. Organizations are moving now to harness quantum and assess its opportunities and risks.

    21 Nov 2022 Beatriz Sanz Sáiz

  • Align everyone behind cybersecurity

    CISOs don’t have to advocate for budget as much as they used to. According to the survey, budget, once a top internal challenge, was only ranked sixth out of eight in a list of obstacles. With resources in hand, CISO communications have evolved to focus on cyber readiness and training.

    Secure Creators speak the language of the C-suite and boards in conveying the realities of the current moment and the continuous resource demands of the function. They also do a better job organizing training and designing best practices. While only half of respondents say their cyber training is effective, and only 36% are satisfied with non-IT adoption of best practices, this gap closes among Secure Creators, who are more satisfied with best practice adoption. Upskilling current cybersecurity workforces is by far the most popular tactic to prepare for future cybersecurity threats, cited nearly three times more than the next most popular tactic in the survey.

    Why cybersecurity should be required reading for higher education
    Why cybersecurity should be required reading for higher education

    Following a full cybersecurity assessment, a university lands on a solution that can identify, triage and manage data risks.

    11 Jul 2022 Rob Belk

    Why a superstore reinforced its cyber walls to protect its customers
    Why a superstore reinforced its cyber walls to protect its customers

    Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.

    2 Nov 2022 Dave Burg

  • Unleash value

    Cyber-secure organizations can innovate to create value with fewer risks than their less-secure peers – Prone Enterprises. Organizations without Secure Creators may be hesitant to invest in unproven technologies that have the potential to be huge value drivers for early adopters.

    Secure Creators are value creators, not just value defenders. Cybersecurity leaders in these organizations are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation (59% vs. 16% of CISOs from Prone Enterprises), ability to rapidly respond to market opportunities (58% vs. 28%) and ability to focus on creating value rather than protecting value (57% vs. 39%).

    The CIO Imperative: How emerging tech can accelerate a path to sustainability
    The CIO Imperative: How emerging tech can accelerate a path to sustainability

    Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals.

    15 Feb 2023 Tom Loozen

    How strong data management becomes a real game-changer
    How strong data management becomes a real game-changer

    For one video game company, a data-driven culture meant gigs of innovation.

    12 Apr 2023 Faisal M. Alam

Cybersecurity leaders are looking to improve capabilities in the following areas:

  • Generative AI and machine learning

    AI is both friend and foe to CISOs. To tip the balance toward friendship, cybersecurity leaders are investing in AI- and machine learning-enabled tools to improve vulnerability testing, detect threats more quickly and build more adaptive security systems.

    Generative AI models like generative adversarial networks (GANs) can create synthetic data that mimic real-word cyberattacks, making attack testing and response easier. In the real-world, generative AI-enabled threat detection tools are able to analyze large amounts of data in real time, allowing them to quickly detect anomalies and patterns that may indicate a cyberattack. If a threat is realized as a cyberattack, organizations can employ quickly-adaptive response systems that have been informed by huge datasets of historical breaches.

  • Passwordless authentication

    No matter the complexity, passwords by themselves are not as secure as they used to be. Organizations are using passwordless authentication to eliminate the risks associated with traditional password-based authentication methods.

    Passwordless authentication replaces passwords with more secure methods, such as biometric authentication, hardware-based authentication or one-time passcodes sent via email or text message. This reduces the risk of phishing attacks, credential stuffing and password-related vulnerabilities.

  • Zero trust

    A growing tech stack brings an expanded attack surface. Cybersecurity leaders are building zero trust architectures to deal with the near constant threat posed by attackers.

    Zero trust architectures use a mix of technology and protocols to identify and grant access to users within and outside an organization’s network. By default, users are not trusted and are given the least amount of privilege possible within a network. Networks are segmented to prevent widespread access if one wall is breached and barriers like multifactor authentication (MFA) are deployed to make unauthorized access more difficult.

    Organizations must adopt technology, but doing so doesn’t mean they have to be less secure.

  • DevSecOps

    Rapid technology development can create security gaps. DevSecOps (development, security and operations) can close these gaps by building cybersecurity into the development lifecycle, from design to production.

    DevSecOps encourages collaboration and communication between developers, security professionals, and operations teams, allowing for a more holistic approach to cybersecurity. Building these practices into technology governance enables rapid deployment of security updates and patches, ensuring that systems are always up to date and protected against the latest threats.

Show more

How EY can help

Cybersecurity Transformation

Design, deliver and maintain your cybersecurity programs at the enterprise-level by embedding security by design at every step of the way.

Read more
Privacy & Cyber Response

From investigation, to litigation and regulatory response EY Privacy and Cyber Response professionals assist organizations to navigate through complex cyber attacks.

Read more
Discovery & Analytics

The diversity and dispersion of digital information continues to grow as the legal and regulatory environments become more challenging. From pre-litigation information management to post-matter data disposition, we offer managed services across the entire discovery life cycle.

Read more
Incident Response and Resilience

The risk landscape for companies is constantly shifting, with cyberattacks and natural disasters striking more frequently with increasing severity. EY teams are dedicated to assisting clients to prepare for and financially recover from such incidents.

Read more
EY Virtual Ethics and Compliance Manager

EY Virtual Ethics and Compliance Manager helps compliance, ethics and investigation functions accelerate their digitization journey and transform business operations by adopting a managed services approach.

Read more
Cybersecurity, strategy, risk, compliance and resilience

EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.

Read more
Next generation security operations and response

Our Next generation security operations and response services along with a deep portfolio of consulting, implementation and managed services, can help organizations build a transformation strategy and roadmap to implement the next generation of security operations.

Read more
Cybersecurity Architecture, Engineering & Emerging Technologies

EY services are designed to help organizations protect their enterprises from adversaries that seek to exploit weaknesses in the design and operation of their technical security controls, including disruptive technologies such as cloud computing, blockchain, and Internet of Things (IoT).

Read more
Data protection and privacy

EY data protection and privacy services help organizations stay up-to-date with leading services in data security and data privacy, as well as complying with regulation in a constantly evolving threat environment and regulatory landscape.

Read more
Digital identity and access management

Identity and access management (IAM) is a foundational element of any information security program.

Read more
FedRAMP Assessment for Cloud Service Offerings (CSO)

A third-party FedRAMP assessment can help Cloud Service Offering (CSO) seamlessly navigate through the FedRAMP authorization stages. This can help the organization gain a competitive edge in the federal marketplace and set the organization apart from competitors who are not yet FedRAMP Ready or have not achieved FedRAMP authorization.

Read more

On the agenda (5)

Skip

Cybersecurity

Featured: Acceleration of technology risk function at Indian BFSI GCCs
Discover

Transformation Realized™

Featured: Tech Trend 04: Digital twins: Creating intelligent industries
Discover

Risk leaders' agenda

Featured: Why data privacy is emerging as the new norm
Discover

Global Information Security Survey (GISS)

Featured: How will the Data Protection Bill help India achieve its vision of a ‘digital’ future?
Discover

Technology

Featured: Transforming India's mining sector through sustainability and innovation
Discover

Direct to your inbox

Stay up to date with our Editor's picks newsletter. 

Subscribe

Contact us

Like what you’ve seen? Get in touch to learn more.