Cyber leaders’ trust in defences plummets but costs mount

Annual EY study reveals just one in five consider their organisation’s approach to cyber to be effective, with annual cyber spend hitting US$35m

Cybersecurity leaders today appear to be struggling with the effectiveness of their organisation’s defences, according to EY’s latest Global Cybersecurity Leadership Insights Study.

While the number of cyber threats and associated costs are increasing, the survey of 500 cybersecurity leaders worldwide found that just one in five considers their organisation’s approach to be effective for current and future threats. Half of respondents also appear sceptical about the effectiveness of the training that their organisations provide and just 36% told EY that they are satisfied with the levels of adoption of best practices by teams outside the IT department. 

Mounting costs associated with cybersecurity investment

At the same time, cyber leader respondents report mounting costs associated with cybersecurity investment and an average of 44 cyber incidents in 2022. Chief Information Security Officer (CISO) respondents report an average annual spend of US$35m on cybersecurity and that the median cost of a breach to their organisation has increased by 12% to US$2.5m in 2023 and is anticipated to reach US$4m. 

Despite high levels of spending, detection and response times appear slow. More than three-quarters of respondents (76%) say their organisations take an average of six months or longer to detect and respond to an incident.

“After all the time and money spent on cybersecurity, CISOs still feel very unprepared against cyber threats,” Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader, says. “The levels of dissatisfaction are more worrying when seen in the context of increasing geopolitical instability, economic uncertainty and the rapid adoption of emerging technologies that will push the number of incidents to even higher levels and see cyber adversaries continually evolve.”

The benefits of extracting value from advanced technology solutions

The study finds that those organisations that are more satisfied with their approach to cybersecurity experience fewer cyber incidents and can detect and respond to incidents quicker have certain common characteristics.

While 70% of these “Secure Creators” identified in the study, define themselves as early adopters of emerging technology, they focus on extracting the most value from specific advanced solutions, such as AI/machine learning (62%) and Security, Orchestration, Automation and Response (SOAR) (52%) that allow them to have a clear line of sight of cybersecurity incidents. In addition, they have specific strategies in place for managing attacks through multiple sources: their own cloud, their partners and through their supply chains. Respondents from these types of organisations appear almost twice as likely to be highly concerned about cyber risks from their supply chain (38%) and related risks, such as intellectual property protection (38%). 

Finally, “Secure Creators” embed cybersecurity thinking and training from the C-suite down to the workforce. As a result, CISOs from these organisations say that their approach is more likely to positively impact their pace of transformation and innovation (56%), as well as their ability to rapidly respond to market opportunities (58%) and to focus on creating value (63%). 

“When it comes to technology, the more clutter an organisation has in its armoury, the harder it is to pick up signals and get on top of issues quickly,” Watson adds. “CISOs should focus not on bolting on new technologies but integrating existing ones better. Organisations are now inextricably and digitally linked to businesses in their supply chain. CISOs should champion thinning out supply chains, so they are dealing with fewer suppliers, and work to ensure that a cyber security lens is applied over them. 

“It is the very scale and complexity of security measures and processes in an organisation that pose the greatest threat to efficient cybersecurity. Instilling a culture of being brilliant at the basics of cybersecurity across the organisation can prove to be the best defence.”


For more insights into the world of Technology - check out the latest edition of Technology Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - AI Magazine | Cyber Magazine.

Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.


Featured Articles

How Dell AI & Data Solutions Help Improve Driver Safety

Subaru Corporation is partnering with Dell Technologies to improve driver safety through the powerful combination of AI and high-performance storage

Global Chip Boom Could Impact Technology Supply Chains

With the US and Europe striving to advance chipmaking efforts, a Bloomberg Intelligence report suggests they could steam ahead of Taiwan in the next decade

Dell Technologies: Powering Reliable Global Connectivity

Dell Technologies is announcing new solutions to help communications and service providers (CSPs), so that their systems are faster and more flexible

MWC Barcelona 2024: Unveiling the Future of Technology

Digital Transformation

Google Gemma: An AI Model Small Enough to Run on a Laptop

AI & Machine Learning

Why Tech Leaders Should Attend Sustainability LIVE: Net Zero

Digital Transformation