This highlights the growing value of cybersecurity and the necessity for organisations to acquire cyber maturity—i.e., having the readiness and capabilities to protect against cyberattacks. However, this is easier said than done. An in-depth understanding of how high-cyber-maturity organisations approach cybersecurity can provide insights and serve as a stepping-stone for us to follow and reach cyber maturity.
Deloitte conducted a global survey in late 2024, gathering responses from nearly 1,200 leaders in various industries worldwide on cybersecurity, enterprise activities, and future initiatives. We found that, amongst high-cyber-maturity organisations, 83% reported that cybersecurity is not just a reactive measure but a proactive, integral part of the organisation’s strategic business, technology, and operational framework. More than 80% of respondents say they are integrating privacy considerations into the early stages of product development, which can help safeguard customer data and foster greater digital trust.
As cyber strategies and business administration have become closely intertwined, spending on cybersecurity is expected to rise and to be integrated with other budgets for initiatives such as digital transformation, IT programs, and cloud investments. On average, respondents overall are spending between US$147 million and US$266 million annually on IT. Of that, 19% (US$39 million) is allocated for cybersecurity-related activities, and respondents expect to increase that by 3% in the next 12-24 months. This is in line with Deloitte Thailand’s Digital Transformation Survey 2024, which reflects that the majority of Thai firms (nearly 60%) have invested in or plan to invest in cybersecurity, making it the facet receiving the most investment compared to the other elements of digital transformation.
Cybersecurity investments are becoming bigger, but the business outcomes or benefits are also growing stronger. Some of those benefits include ensuring organisational resiliency (76%), improving threat detection and response (74%), and protecting intellectual property stature (74%)—three areas in which the expectations of respondents in high-cyber-maturity organisations stand far apart from those of low-cyber-maturity groups.
Because business value is tightly knit with cybersecurity, the roles and responsibilities of the chief information security officer (CISO) are evolving and becoming more essential. Roughly one-third of respondents said CISO involvement had significantly increased in the past year when it came to strategic conversations about cloud, AI/cognitive computing, GenAI, data analytics, 5G, and customer identity and access management capabilities. And when it comes to strategy conversations around technology capabilities, the high-cyber-maturity group is 2.3 times more likely than the low-cyber-maturity group to say that involvement by their CISO or cybersecurity leader has significantly increased.
As the CISO’s voice of influence grows across leadership, and as organisations seek to become more cyber-savvy, we foresee the CISO becoming an essential partner to advise and educate the board of directors and the C-suite on security vulnerabilities, risk scenarios, and actions needed for greater resilience. In the future, the CISO will be expected not only to lead the organisation’s overall cybersecurity strategy but also to provide strategic guidance, collaborating closely with other C-suite executives to align security initiatives with business goals.
Nevertheless, despite the growing focus on cybersecurity and the evolving role of the CISO, only about half (52%) of all respondents are very confident in the C-suite and board’s ability to navigate today’s complex cyber environment. This indicates that the path to cyber maturity is ongoing and that we all need to be prepared to elevate cybersecurity across the enterprise.
Drawing from the insights elicited from our cyber survey, we, Deloitte, recommend three potential steps that organisations can take to make strides toward greater cyber maturity and set themselves apart from their peers.
1. Elevate the cyber essentials, foster collaboration, and build greater resilience: As the focus on cybersecurity intensifies, leaders should recognise that cybersecurity is not just an IT issue; it is a business-critical issue that calls for integration across all functions and levels of the organisation. Thus, collaboration, information-sharing, and decision-making where business needs intersect with cybersecurity should be enhanced, so that organisations can better protect their critical assets and their reputation and become more resilient in an increasingly digital world.
2. Increase engagement and savvy among leadership, from the CISO to the rest of the C-suite and the board: Since cybersecurity is a top risk for organisations, the C-suite and board must engage regularly in its management and oversight and ensure that the CISO is actively involved in strategic conversations about technology capabilities and the business.
3. Make deliberate efforts to align budgets with strategic objectives and governance frameworks: Cybersecurity budgets should become more integrated with budgets for other digital transformation investments, suggesting that more departments may include cybersecurity in their funding plans going forward. This integrated approach can produce more effective strategies and outcomes, as it ensures everyone understands the importance of cybersecurity, invests appropriately, and works towards a common goal.
The article is written by Parichart Jiravachara, Cyber Partner, Deloitte Thailand and Pongbodin Amarinthnukrowh, Senior Consultant, Growth, Deloitte Thailand.