According to Deloitte's "2023 Future of Cyber" survey, many U.S. executives turn to cybersecurity programs to enable business strategy.

The majority of U.S. executives surveyed say their organizations contended with at least one cyber event in 2022 (97%) and over half experienced more than five events in the past year (56%).

In parallel with the increasing prevalence of cyber issues, the convergence toward digital transformation and technology modernization provides an impetus for positive change, but it also creates unintended pathways to risks, vulnerabilities, attacks and failures. 

At least half of the U.S. survey respondents state that building trust with customers and employees (53%) and enhancing risk management strategies (50%) are foundational for success, as well as a major factor in cultivating business for sustained growth. As such, cyber continues to be a critical business enabler for innovation and evolution, as well as a mechanism to incorporate risk mitigation across the organization.

U.S. leaders say the top business strategies that are most positively impacted by cyber investments include brand reputation improvement (44%), technology integrity confidence-building (42%), and intellectual property theft minimization (41%). Conversely, respondents report that the top concerns resulting from a cyber incident are loss of customer trust (29%), loss of intellectual property (29%), revenue loss (27%) and reputational loss (27%). 

"Organizational leaders understand the competitive advantages they can reap from strong cyber programs that are treated as a business imperative," said Deborah Golden, Deloitte Risk & Financial Advisory's U.S. Cyber & Strategic Risk leader and principal, Deloitte & Touche LLP. "Integrating a robust cyber program aligned with current and future business strategies is critical to building and restoring trust, spearheading and evolving business, and establishing future-forward approaches — each aimed at increasing organizational value with outcome-focused objectives. With a unified approach grounded in cyber resilience, organizations can differentiate themselves and be agile enough to seize future opportunities — in a world where customer trust enhances the gateway towards digital evolution."

Some key observations from this survey include:

• Cyber governance is the hallmark of successful cyber programs

Cyber continues to be on the agenda for governing entities, including audit committees and U.S. boards, with over 45% of the respondents indicating that cyber topics are discussed on a monthly basis, and with 16% addressing them on a weekly basis. Beyond board-level attention, respondents also indicate that they leverage collaborative, governing entities consisting of business and technology leaders to oversee the cybersecurity program (43%) and annual cybersecurity plan updates (43%). U.S. executives also report that lack of management alignment (41%), lack of adequate funding (36%), lack of executive support (35%) and inadequate governance (34%) are the top challenges to effective cyber program management.

• Cyber is integral to digital transformation and emerging technology

Looking ahead at the next three-to-five years, surveyed U.S. executives see cyber — inclusive of and beyond security enablement — as crucial to digital transformation efforts. The areas in which respondents say cyber is most integral to emerging tech implementations include: 5G (49%), cloud (48%), IoT (41%), AI and cognitive computing (40%), and blockchain and cryptocurrency (40%).

• "Privacy by Design" and "Trust by Design" place cybersecurity as a key enabler for driving customer centricity and trust, while generating innovative products and service capabilities

Ongoing, voice-of-customer input to data privacy (61%) and comprehensive plans to protect data (61%) have been implemented by over half of the surveyed leaders. This continues to highlight the importance of privacy, as well as the need to provide education to customers on these topics to help limit the impact on trust and the probability of reoccurrence.

• Diverse cyber talent, with an established inclusive culture, will continue to be a competitive edge

Surveyed executives are working to engage, retain and develop existing cyber talent, primarily through offering training and certification programs (56%), flexible working options (54%), specialized career paths (49%), international mobility opportunities (44%) and differentiated compensation models (43%). Also, more than 30% of the U.S. executives indicate that lack of cybersecurity talent is their top concern.

"Digital transformation is imperative to many organizations' strategic growth initiatives, providing opportunities for cybersecurity to be the foundation for business enablement and resilience while also enabling innovation with a focus on enhanced customer trust," continued Golden. "With security built into ideation and implementation, secure, intelligent operations can be established — ultimately providing seamless integration of these technologies with business-critical initiatives throughout the enterprise."

Golden concluded, "Organizational leaders should leverage cyber to bring value and competitive advantage to the enterprise — looking to solve unpredictable situations with an evolved approach where organizations pivot to mitigate current threats while sustaining organizational resilience, and also remaining vigilant for future opportunities."