Cyber leaders’ trust in defences plummets but costs mount

EY’s latest Global Cybersecurity Leadership Insights Study shows the median cost for a breach was expected to reach US$4m
EY’s latest Global Cybersecurity Leadership Insights Study shows the median cost for a breach was expected to reach US$4m
Annual EY study reveals just one in five consider their organisation’s approach to cyber to be effective, with annual cyber spend hitting US$35m

Cybersecurity leaders today appear to be struggling with the effectiveness of their organisation’s defences, according to EY’s latest Global Cybersecurity Leadership Insights Study.

While the number of cyber threats and associated costs are increasing, the survey of 500 cybersecurity leaders worldwide found that just one in five considers their organisation’s approach to be effective for current and future threats. Half of respondents also appear sceptical about the effectiveness of the training that their organisations provide and just 36% told EY that they are satisfied with the levels of adoption of best practices by teams outside the IT department. 

Mounting costs associated with cybersecurity investment

At the same time, cyber leader respondents report mounting costs associated with cybersecurity investment and an average of 44 cyber incidents in 2022. Chief Information Security Officer (CISO) respondents report an average annual spend of US$35m on cybersecurity and that the median cost of a breach to their organisation has increased by 12% to US$2.5m in 2023 and is anticipated to reach US$4m. 

Despite high levels of spending, detection and response times appear slow. More than three-quarters of respondents (76%) say their organisations take an average of six months or longer to detect and respond to an incident.

“After all the time and money spent on cybersecurity, CISOs still feel very unprepared against cyber threats,” Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader, says. “The levels of dissatisfaction are more worrying when seen in the context of increasing geopolitical instability, economic uncertainty and the rapid adoption of emerging technologies that will push the number of incidents to even higher levels and see cyber adversaries continually evolve.”

The benefits of extracting value from advanced technology solutions

The study finds that those organisations that are more satisfied with their approach to cybersecurity experience fewer cyber incidents and can detect and respond to incidents quicker have certain common characteristics.

While 70% of these “Secure Creators” identified in the study, define themselves as early adopters of emerging technology, they focus on extracting the most value from specific advanced solutions, such as AI/machine learning (62%) and Security, Orchestration, Automation and Response (SOAR) (52%) that allow them to have a clear line of sight of cybersecurity incidents. In addition, they have specific strategies in place for managing attacks through multiple sources: their own cloud, their partners and through their supply chains. Respondents from these types of organisations appear almost twice as likely to be highly concerned about cyber risks from their supply chain (38%) and related risks, such as intellectual property protection (38%). 

Finally, “Secure Creators” embed cybersecurity thinking and training from the C-suite down to the workforce. As a result, CISOs from these organisations say that their approach is more likely to positively impact their pace of transformation and innovation (56%), as well as their ability to rapidly respond to market opportunities (58%) and to focus on creating value (63%). 

“When it comes to technology, the more clutter an organisation has in its armoury, the harder it is to pick up signals and get on top of issues quickly,” Watson adds. “CISOs should focus not on bolting on new technologies but integrating existing ones better. Organisations are now inextricably and digitally linked to businesses in their supply chain. CISOs should champion thinning out supply chains, so they are dealing with fewer suppliers, and work to ensure that a cyber security lens is applied over them. 

“It is the very scale and complexity of security measures and processes in an organisation that pose the greatest threat to efficient cybersecurity. Instilling a culture of being brilliant at the basics of cybersecurity across the organisation can prove to be the best defence.”


For more insights into the world of Technology - check out the latest edition of Technology Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI Magazine | Cyber Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.


Featured Articles

Schneider Electric: UK&I President Grows Her Europe Presence

Kelly Becker adopts her new role as President of UK & Ireland, Belgium & the Netherlands at Schneider Electric, growing her presence across Europe

DTW24 Ignite: AI to Power the Next Generation of Technology

Technology Magazine is on the ground in Copenhagen at DTW24, highlighting the industry's move towards an AI-Native era

SolarWinds: IT Professionals Worry about AI Integration Risk

A recent trends report by SolarWinds reveals that very few IT professionals are confident in their organisation's readiness to integrate AI

Qlik's Julie Kae: Leveraging Data to Improve Sustainability

Data & Data Analytics

Study: More than Half of Companies Lack AI Innovation Skills

Digital Transformation

Devoteam Expands into UK Market, Acquires Ubertas Consulting

Cloud Computing