Cybersecurity excellence is non-negotiable for today’s digital businesses.

Despite companies’ best efforts to uplevel cybersecurity in response to increasingly active and complex threats, there is a widening gap between those that are effective at cybersecurity practices and those still struggling to keep pace.

Just one in five CISOs and C-suite leaders consider their cybersecurity strategies effective for the challenges of today, let alone for tomorrow, according to an EY 2023 Global Cybersecurity Leadership Insights Study. Respondents said they confront an average of 44 significant cyber incidents annually, with three-quarters confirming it takes an average of six months or longer to detect and respond to incidents. With adversaries getting more sophisticated in the frequency and scale of attacks, it’s no wonder cybersecurity strategy remains an on-going concern.

As part of its research, EY teams categorized respondents into two camps: “Secure Creators,” which show cybersecurity leadership, and “Prone Enterprises,” their lower-performing counterparts. Secure Creators experience fewer cyber incidents, are quicker at detection and response, and are more likely to be satisfied with their approach (51% compared to only 36% of Prone Enterprises).

Secure Creators’ security advantage also translates into business benefits, including:

  • Ability to connect their cyber approach with positive impacts on transformation and innovation (56% vs. 25%)
  • More agile response to market opportunities (58% vs. 29%)
  • Proclivity for value creation as opposed to protecting value (63% vs. 42%)

What sets Secure Creators apart from Prone Enterprises? The EY study identified several critical behavioral differences where CIOs can play a pivotal role:

Simplify the cyber technology stack. Organizations keep adding new capabilities to their cybersecurity portfolio, but the scale and complexity can inhibit visibility and increase threats. “The more clutter you have in your technology environment, the harder it is to pick up signals and get on top of issues quickly,” says Richard Watson, EY Global and EY Asia-Pacific Cybersecurity Consulting Leader. EY professionals advise CIOs to simplify and rationalize existing cybersecurity technologies to reduce total cost of ownership, embrace automation and orchestration to streamline processes and accelerate responses, and consider managed services for further efficiencies.

Integrate cybersecurity into every level of the organization. Secure Creator CIOs build bridges across the organization to connect the C-suite, cybersecurity team, and the business at large while embedding cybersecurity operations into core business priorities and strategies. Communicating with the business, designing training to address knowledge gaps, and creating a shared understanding of risk with senior leadership give Secure Creators a leg up over Prone Enterprises.

Create strategies for managing attack surfaces across a hybrid landscape. Since there’s no longer a contained perimeter to secure, IT leaders must evolve cybersecurity strategies to manage complex attack surfaces across cloud, on-premises, and third parties. Embracing a shared responsibility model for cloud security, developing a holistic gameplan for rationalizing existing systems, and making full use of automation are critical steps. Secure Creators are also diligent about safeguarding their supply chain ecosystem, forging partnerships with operations leaders to ensure visibility across all potential attack surfaces and establishing cybersecurity as a component of vendor selection decisions.

The bottom line

Cybersecurity excellence is non-negotiable for any organization aiming to excel in the era of digital business. By emphasizing simplicity, holistic thinking, and integration of cybersecurity into the enterprise fabric, CIOs and CISOs can safely lead organizations into the next frontier.

Read the EY 2023 Global Cybersecurity Leadership Insights Study here:

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.