• Just 1 in 5 respondents considers their organization’s approach to cyber to be effective
• Annual spend on cyber hits US$35m with median cost for a breach expected to reach US$4m
• 76% of respondents take six months or longer to detect and respond to an incident
While the number of cyber threats and associated costs are increasing, cybersecurity leaders appear to be struggling with the effectiveness of their organization’s defenses, according to the EY 2023 Global Cybersecurity Leadership Insight Study.
The survey of 500 cybersecurity leaders worldwide finds that just one in five considers their organization’s approach to be effective for current and future threats. Half of respondents also appear skeptical about the effectiveness of the training that their organizations provide and just 36% are satisfied with the levels of adoption of best practices by teams outside the IT department.
At the same time, cyber leader respondents report mounting costs associated with cybersecurity investment and an average of 44 cyber incidents in 2022. Chief information security officer (CISO) respondents report an average annual spend of US$35m on cybersecurity and that the median cost of a breach to their organization has increased by 12% to US$2.5m in 2023 and is anticipated to reach US$4m.
Despite high levels of spending, detection and response times appear slow. More than three-quarters of respondents (76%) say their organizations take an average of six months or longer to detect and respond to an incident.
Catalina Dodu, Consulting Service Line Leader in Romania and Cybersecurity Leader EY South Cluster: “With such an increase in type, complexity, and number of attacks we see CISOs still feeling unprepared against those cyber threats.
It is not only about how big is the investment in protecting organizations but more about how well the value is extracted from specific intelligent solutions.
Efficient cybersecurity is what should be our aim – better integration and use of cybersecurity technologies altogether with a culture of being exceptional at the basics of cybersecurity is what can make a difference in protecting organizations.”
Simplify to survive
The study finds that those organizations that are more satisfied with their approach to cybersecurity, experience fewer cyber incidents, and can detect and respond to incidents quicker have certain common characteristics.
While 70% of these “Secure Creators” identified in the study, define themselves as early adopters of emerging technology, they focus on extracting the most value from specific advanced solutions, such as artificial intelligence/machine learning (AI/ML) (62%) and Security, Orchestration, Automation and Response (SOAR) (52%) that allow them to have a clear line of sight of cybersecurity incidents. In addition, they have specific strategies in place for managing attacks through multiple sources: their own cloud, their partners, and their supply chains. Respondents from these types of organizations appear almost twice as likely to be highly concerned about cyber risks from their supply chain (38%) and related risks, such as intellectual property protection (38%).
Finally, “Secure Creators” embed cybersecurity thinking and training from the C-suite down to the workforce. As a result, CISOs from these organizations say that their approach is more likely to positively impact their pace of transformation and innovation (56%), as well as their ability to rapidly respond to market opportunities (58%) and to focus on creating value (63%).
About EY Romania
EY is one of the world's leading professional services firms with 395,442 employees in more than 700 offices across 150 countries, and revenues of approx. $49.4 billion in the financial year that ended on 30 June 2023. Our network is the most integrated worldwide, and its resources help us provide our clients with services allowing them to take advantage of opportunities anywhere in the world.
With a presence in Romania ever since 1992, EY provides, through its more than 900 employees in Romania and the Republic of Moldova, integrated services in assurance, tax, strategy, and transactions, and consulting to clients ranging from multinationals to local companies.
Our offices are based in Bucharest, Cluj-Napoca, Timisoara, Iasi, and Chisinau. In 2014, EY Romania joined the only global competition dedicated to entrepreneurship, EY Entrepreneur Of The Year. The winner of the national award represents Romania at the world final taking place every year in June, at Monte Carlo. The title of World Entrepreneur Of The Year is awarded in the world final. For more information, please visit: www.ey.com
About the EY 2023 Global Cybersecurity Leadership Insight Study
In February and March 2023, the EY organization conducted research to better understand how companies are approaching their organization’s cybersecurity to prepare for the cybersecurity threats of today and tomorrow. EY professionals surveyed 500 C-suite and cybersecurity leaders across 19 different sectors and 25 countries covering the Americas, Asia-Pacific, and EMEIA (Europe, the Middle East, India, and Africa). Respondents represented organizations with more than US$1 billion in annual revenue.
