Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

Join the conversation

It is harder than ever to stay one step ahead of cybersecurity threats. New, more sophisticated adversaries — some operating autonomously and learning from generative AI models - are thriving in a landscape with multiple attack surfaces opened by hybrid and distributed work, cloud computing at scale, and the digitalization of everything. The stakes are high for CISOs.

Here are four actions CISOs can take to better prepare for today and tomorrow:

Reduce technology complexity

Emerging technology presents opportunities and challenges for cybersecurity leaders. Most organizations have an average of 44 security products that are often poorly integrated, difficult to maintain and support, and offer no overall visibility.

Why organizations should prepare for quantum computing cybersecurity now

Quantum technology is finding its way out of research labs and into commercial applications, upending the norms of cryptography.

14 Apr 2023 Jeff Wong

How emerging technologies can usher in the dawn of pervasive intelligence

“Pervasive intelligence” will emerge through a massively distributed digital connectivity and cloud fabric, transforming our economy.

27 Oct 2022

Top 10 opportunities for technology companies in 2023

In a volatile business environment, will the bold be rewarded? Now is the time to invest and test the waters with new business models.

7 Dec 2022 Ken Englund
Reduce the attack surface

As organizations pursue digital transformation, they are coming to terms with increased cyber vulnerability. Cloud applications, 5G networks and the rise of remote and hybrid work arrangements, alongside infrastructures like VPNs, increase entry points for hackers. Software and physical supply chains increase risk, especially when the security of third-party partners isn’t guaranteed.

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals.

15 Feb 2023 Tom Loozen

Quantum computing: 5 steps to take now

Quantum computing promises to transform the world. Organizations are moving now to harness quantum and assess its opportunities and risks.

21 Nov 2022 Beatriz Sanz Sáiz
Align everyone behind cybersecurity

CISOs don’t have to advocate for budget as much as they used to. According to the survey, budget, once a top internal challenge, was only ranked sixth out of eight in a list of obstacles. With resources in hand, CISO communications have evolved to focus on cyber readiness and training.

Why cybersecurity should be required reading for higher education

Following a full cybersecurity assessment, a university lands on a solution that can identify, triage and manage data risks.

11 Jul 2022 Rob Belk

Does cyber risk only become a priority once you’ve been attacked?

Cyber threats are evolving and escalating at an especially alarming rate for asset-intensive industries such as mining and metals (M&M).

8 Mar 2022 Paul Mitchell

Why a superstore reinforced its cyber walls to protect its customers

Heightened security risks led a retail giant to mature its cyber capabilities, optimize its technology spend and reinforce customer trust.

2 Nov 2022 Dave Burg
Unleash value

Cyber-secure organizations can innovate to create value with fewer risks than their less-secure peers – Prone Enterprises. Organizations without Secure Creators may be hesitant to invest in unproven technologies that have the potential to be huge value drivers for early adopters.

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Enterprises are increasingly looking to leverage new technologies like 5G and IoT to deliver their ESG goals.

15 Feb 2023 Tom Loozen

How strong data management becomes a real game-changer

For one video game company, a data-driven culture meant gigs of innovation.

12 Apr 2023 Faisal M. Alam

Creating a cybersecurity strategy that drives purposeful growth

EY helped Henkel create a cybersecurity strategy that is aligned with its corporate strategy and the objectives of its digital unit.

5 Nov 2021 Oina Kerchner

Cybersecurity leaders are looking to improve capabilities in the following areas:

Generative AI and machine learning

AI is both friend and foe to CISOs. To tip the balance toward friendship, cybersecurity leaders are investing in AI- and machine learning-enabled tools to improve vulnerability testing, detect threats more quickly and build more adaptive security systems.

Generative AI models like generative adversarial networks (GANs) can create synthetic data that mimic real-word cyberattacks, making attack testing and response easier. In the real-world, generative AI-enabled threat detection tools are able to analyze large amounts of data in real time, allowing them to quickly detect anomalies and patterns that may indicate a cyberattack. If a threat is realized as a cyberattack, organizations can employ quickly-adaptive response systems that have been informed by huge datasets of historical breaches.
Passwordless authentication

No matter the complexity, passwords by themselves are not as secure as they used to be. Organizations are using passwordless authentication to eliminate the risks associated with traditional password-based authentication methods.

Passwordless authentication replaces passwords with more secure methods, such as biometric authentication, hardware-based authentication or one-time passcodes sent via email or text message. This reduces the risk of phishing attacks, credential stuffing and password-related vulnerabilities.
Zero trust

A growing tech stack brings an expanded attack surface. Cybersecurity leaders are building zero trust architectures to deal with the near constant threat posed by attackers.

Zero trust architectures use a mix of technology and protocols to identify and grant access to users within and outside an organization’s network. By default, users are not trusted and are given the least amount of privilege possible within a network. Networks are segmented to prevent widespread access if one wall is breached and barriers like multifactor authentication (MFA) are deployed to make unauthorized access more difficult.

Organizations must adopt technology, but doing so doesn’t mean they have to be less secure.
DevSecOps

Rapid technology development can create security gaps. DevSecOps (development, security and operations) can close these gaps by building cybersecurity into the development lifecycle, from design to production.

DevSecOps encourages collaboration and communication between developers, security professionals, and operations teams, allowing for a more holistic approach to cybersecurity. Building these practices into technology governance enables rapid deployment of security updates and patches, ensuring that systems are always up to date and protected against the latest threats.

Case study: creating a smarter, safer grid for new meters

EY teams are helping a national electricity company reinforce its legacy power infrastructure for a trusted, cyber-safe future.

Young woman using laptop at dawn above the city, Barcelona, Spain

How technology fights FinCrime while enhancing regulatory compliance

EY enabled a large global bank to lead the fight against FinCrime in a way that also helped it improve efficiency and increase compliance.

Cybersecurity Transformation

Design, deliver and maintain your cybersecurity programs at the enterprise-level by embedding security by design at every step of the way.

Cybersecurity, strategy, risk, compliance and resilience

EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.

Next generation security operations and response

Our Next generation security operations and response services along with a deep portfolio of consulting, implementation and managed services, can help organizations build a transformation strategy and roadmap to implement the next generation of security operations.

Cybersecurity Architecture, Engineering & Emerging Technologies

EY services are designed to help organizations protect their enterprises from adversaries that seek to exploit weaknesses in the design and operation of their technical security controls, including disruptive technologies such as cloud computing, blockchain, and Internet of Things (IoT).

Data protection and privacy

EY data protection and privacy services help organizations stay up-to-date with leading services in data security and data privacy, as well as complying with regulation in a constantly evolving threat environment and regulatory landscape.

Identity and access management

EY Identity and access management (IAM) services help EY clients to manage the lifecycle of digital identities for people, systems, services and users by giving organizations a clear view of who has access to what resource in the company.

woman walking along the road to the mountains

Transformation Realized™

Consulting at EY is building a better working world by realizing business transformation through the power of people, technology and innovation.

Discover more

Our latest thinking

The team

On the agenda (5)

Skip

Contact us

Like what you’ve seen? Get in touch to learn more.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

EY | Assurance | Consulting | Strategy and Transactions | Tax

About EY

EY is a global leader in assurance, consulting, strategy and transactions, and tax services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EYG/OC/FEA no.

ED MMYY

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

Topics

General

People

Trending

Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

Join the conversation

Why organizations should prepare for quantum computing cybersecurity now

How emerging technologies can usher in the dawn of pervasive intelligence

Top 10 opportunities for technology companies in 2023

The CIO Imperative: How emerging tech can accelerate a path to sustainability

Quantum computing: 5 steps to take now

Why cybersecurity should be required reading for higher education

Does cyber risk only become a priority once you’ve been attacked?

Why a superstore reinforced its cyber walls to protect its customers

The CIO Imperative: How emerging tech can accelerate a path to sustainability

How strong data management becomes a real game-changer

Creating a cybersecurity strategy that drives purposeful growth

Cybersecurity leaders are looking to improve capabilities in the following areas:

Case study: creating a smarter, safer grid for new meters

How technology fights FinCrime while enhancing regulatory compliance

How EY can help

Transformation Realized™

Our latest thinking

The team

On the agenda (5)

Cybersecurity

Transformation Realized

Risk leaders' agenda

Global Information Security Survey (GISS)

Technology

Contact us

Contact us

Realize your transformation with Consulting at EY