Press release
02 Oct 2023  | London, GB

Cyber leaders’ confidence in their organization’s defenses plummets, but costs mount

  • Just 1 in 5 respondents considers their organization’s approach to cyber to be effective
  • Annual spend on cyber hits US$35m with median cost for a breach expected to reach US$4m
  • 76% of respondents take six months or longer to detect and respond to an incident

While the number of cyber threats and associated costs are increasing, cybersecurity leaders appear to be struggling with the effectiveness of their organization’s defenses, according to the EY 2023 Global Cybersecurity Leadership Insights Study.

The survey of 500 cybersecurity leaders worldwide finds that just one in five considers their organization’s approach to be effective for current and future threats. Half of respondents also appear skeptical about the effectiveness of the training that their organizations provide and just 36% are satisfied with the levels of adoption of best practices by teams outside the IT department.

At the same time, cyber leader respondents report mounting costs associated with cybersecurity investment and an average of 44 cyber incidents in 2022. Chief information security officer (CISO) respondents report an average annual spend of US$35m on cybersecurity and that the median cost of a breach to their organization has increased by 12% to US$2.5m in 2023 and is anticipated to reach US$4m.

Despite high levels of spending, detection and response times appear slow. More than three-quarters of respondents (76%) say their organizations take an average of six months or longer to detect and respond to an incident.

Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader, says:

“After all the time and money spent on cybersecurity, CISOs still feel very unprepared against cyber threats. The levels of dissatisfaction are more worrying when seen in the context of increasing geopolitical instability, economic uncertainty and the rapid adoption of emerging technologies that will push the number of incidents to even higher levels and see cyber adversaries continually evolve.”

Simplify to survive

The study finds that organizations that are more satisfied with their approach to cybersecurity, experience fewer cyber incidents, and detect and respond to incidents more quickly share certain common characteristics.

While 70% of the “Secure Creators” identified in the study define themselves as early adopters of emerging technology, they focus on extracting the most value from specific advanced solutions, such as artificial intelligence/machine learning (AI/ML) (62%) and Security Orchestration, Automation and Response (SOAR) (52%), that allow them to have a clear line of sight of cybersecurity incidents. In addition, they have specific strategies in place for managing attacks through multiple sources: their own cloud, their partners and their supply chains. Respondents from these types of organizations appear almost twice as likely to be highly concerned about cyber risks from their supply chain (38%) and related risks, such as intellectual property protection (38%).

Finally, “Secure Creators” embed cybersecurity thinking and training from the C-suite down to the workforce. As a result, CISOs from these organizations say that their approach is more likely to positively impact their pace of transformation and innovation (56%), as well as their ability to rapidly respond to market opportunities (58%) and to focus on creating value (63%).

Watson says: “When it comes to technology, the more clutter an organization has in its armory, the harder it is to pick up signals and get on top of issues quickly. CISOs should focus not on bolting on new technologies but integrating existing ones better. Organizations are now inextricably and digitally linked to businesses in their supply chain. CISOs should champion thinning out supply chains, so they are dealing with fewer suppliers, and work to ensure that a cyber security lens is applied over them.

“It is the very scale and complexity of security measures and processes in an organization that pose the greatest threat to efficient cybersecurity. Instilling a culture of being brilliant at the basics of cybersecurity across the organization can prove to be the best defense.”

-ends-

Notes to editors

About EY

EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.

This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.

About the EY 2023 Global Cybersecurity Leadership Insights Study

In February and March 2023, the EY organization conducted research to better understand how companies are approaching their organization’s cybersecurity to prepare for the cybersecurity threats of today and tomorrow. EY professionals surveyed 500 C-suite and cybersecurity leaders across 19 different sectors and 25 countries covering the Americas, Asia-Pacific and EMEIA (Europe, the Middle East, India and Africa). Respondents represented organizations with more than US$1b in annual revenue.
