Deloitte 2019 Future of Cyber Survey Indicates Organizations Are Not Ready
IndraStra Global

Deloitte 2019 Future of Cyber Survey Indicates Organizations Are Not Ready

Deloitte 2019 Future of Cyber Survey Indicates Organizations Are Not Ready

According to a new Deloitte 2019 Future of Cyber survey, there are notable gaps in organizations' abilities to meet cybersecurity demands for the future. The report highlights the dissonance between what organizations aspire to versus the current reality of their cyber posture. Results from the survey indicate that many cyber organizations are challenged by their ability in data management complexities (16 percent), followed closely - better prioritization of cyber risks across the enterprise and rapid IT changes, each at 15 percent.

Chart Attribute: What is the most challenging aspect of cybersecurity management across your organization? / Source: Figure 6, Page 6, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.

Chart Attribute: What is the most challenging aspect of cybersecurity management across your organization? / Source: Figure 6, Page 6, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.

Today's cyber leaders are focused on digital transformation as a catalyst for change for both the greater enterprise and their cyber agendas. With the acknowledgment that cyber is everywhere comes the need for organizational leadership to get real about how they intend to manage the pervasiveness of cyber in the new era of cloud, internet of things (IoT), artificial intelligence (AI), and data integrity. Deloitte Cyber surveyed 500 C-suite executives who have responsibility for cybersecurity to explore their challenges in leading the transformation from legacy environments, disconnected data sources, identity systems, and governance issues, to name a few.

"This is really the evidence to suggest there is a real gap that must be bridged," said Irfan Saif, cyber innovation leader and principal in Deloitte Risk and Financial Advisory at Deloitte & Touche LLP. "With finite budgets and resources, and lack of prioritization by executive management, organizations are going to be tested to keep up with the cyber demands of digital transformation."

Findings of the Future of Cyber survey include:

  • 43 percent of surveyed CISOs indicated they report directly to the CEO. That finding is consistent across the total survey population where 32 percent of respondents indicated the CISO reported to the CEO, with only 19 percent indicating that the role reported to the CIO. In Deloitte's experience facilitating hundreds of CISO transformation labs over the past five years and through an informal collection of data, nearly 80 percent of CISOs report to a CIO or CSO. This indication that CISOs are, in fact, directly reporting to a CEO is quite encouraging but counter to Deloitte's experience.
Chart Attribute:  Top positions that the CISO typically reports to in a company / Source: Figure 8b, Page 9, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.

Chart Attribute:  Top positions that the CISO typically reports to in a company / Source: Figure 8b, Page 9, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.
  • Half of the organizations (49 percent) have cybersecurity on their board agenda at least quarterly. However, at some level, it can be viewed that half of the boards are not discussing cyber as often as they likely should be. After all, only 4 percent of respondents say cybersecurity is on the agenda once a month.
Chart Attribute: How frequently cybersecurity issues are on board’s agenda / Source: Figure 7, Page 7, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.

Chart Attribute: How frequently cybersecurity issues are on board’s agenda / Source: Figure 7, Page 7, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.
  • While organizations are prioritizing digital transformation initiatives, only 14 percent of cyber budgets are allocated to securing transformation efforts.
  • Less than 20 percent of organizations have security liaisons embedded within business units to foster greater collaboration, innovation, and security.
  • Organizations are turning to third parties to manage certain facets of their cyber operations. According to 65 percent of the CISOs surveyed, 21-30 percent of total cyber operations are outsourced, with nearly half (48 percent) of CISOs selecting insider threat detection as a top function that they turn to third parties to manage.
Chart Attribute:  Percentage of outsourced cybersecurity operations / Source: Figure 11, Page 13, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.

Chart Attribute:  Percentage of outsourced cybersecurity operations / Source: Figure 11, Page 13, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.
  • There's a disconnect between the majority (85 percent) of the survey respondents who indicate that they are using Agile/DevOps in application development and then ranking DevSecOps lowest (11 percent) on the cyber defense priorities and investments areas, which may explain why 90 percent of organizations surveyed experienced disclosures of sensitive production data within the past year.
  • Data integrity (35 percent) was the top-ranked cybersecurity threat survey respondents were most concerned about followed by unintended actions of well-meaning employees (32 percent) resulting in a negative event and technical vulnerabilities (31 percent).
Chart Attribute: Top three ranked most concerning cyber threats among total participants / Source: Figure 19, Page 23, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.

Chart Attribute: Top three ranked most concerning cyber threats among total participants / Source: Figure 19, Page 23, The future of cyber survey 2019 Cyber everywhere. Succeed anywhere, Deloitte.


"There's a whole new way of thinking that has to occur with how organizations are going to achieve their business outcomes, and that is with a cyber everywhere mindset. What surprised me most about the survey findings was how nascent this concept is in adoption," said Emily Mossburg, advise and implement leader for cyber risk services and principal in Deloitte & Touche LLP. "As organizations embrace digital transformation and are shifting to the cloud, simplifying technology infrastructure and outsourcing workload to third parties, they are also expanding their cyber risk. Cyber will become more prolific across systems, platforms, and people — employees, customers, and partners — and enterprise leadership has to correlate all of that to stay ahead of the adversary and protect the organization's most valuable assets."

Deloitte Cyber will be at the RSA Conference March 4–7, 2019 in San Francisco to discuss new approaches to address cyber threats and explore opportunities offered by cyber innovation and new technologies and to share the findings of the Future of Cyber survey.

Survey Methodology


The Deloitte 2019 Future of Cyber Survey was conducted in conjunction with Wakefield Research among 500 C-level executives who oversee cybersecurity at companies with $500 million or more in annual revenue including 100 CISOs, 100 CSOs, 100 CTOs, 100 CIOs, and 100 CROs.  The survey took place between January 9, 2019, and January 25, 2019, using an online survey tool.