When preparing for imminent threats, increased cybersecurity spending is a significant telltale. In honor of Veterans Day, here is a fitting analogy. In the military, changes in routine sometimes ring warning bells among the troops. As a veteran once shared, during WWII, the unit could expect trouble the next day if they were served steak and eggs—the last good meal for a while. Similarly, 57% of organizations in Deloitte’s latest cyber report foresee increasing their cybersecurity budgets in the coming years—a clear sign of existing and gathering concerns.
The “Global Future of Cyber Survey, 4th Edition,” underscores that today’s complex threat landscape is reshaping how organizations prepare for cyber defense. The report, a comprehensive examination of nearly 1,200 C-suite leaders worldwide, reveals growing investment in cybersecurity, a deepened role for Chief Information Security Officers (CISOs), and a push for AI-driven resilience.
“The rise of AI and other evolving technologies has significantly transformed the threat landscape. As threats become more sophisticated and impactful to core business, CISOs are increasingly required to adopt a more strategic role driving cross business risk prioritization and mitigation,” says Emily Mossburg, Deloitte Global Cyber Leader.
The rest of our takeaway follows; you can read the report here.
Rising Cybersecurity Spending Amidst Expanding Threats
The central theme of the report is the marked shift in budgets. Over half of respondents expect to increase cybersecurity spending in the next 12 to 24 months. This response to escalating threats reflects growing recognition that cybersecurity is essential to preserving business integrity and supporting technological initiatives. Furthermore, organizations are moving to merge cyber budgets with other strategic areas, such as cloud and digital transformation initiatives.
The heightened investment serves a dual purpose: protecting existing systems and ensuring organizational resilience. As cyber threats become more sophisticated, especially with advancements in artificial intelligence, it’s clear that cybersecurity is no longer an afterthought but a proactive component of organizational strategy.
The Growing Role of the CISO
The CISO’s influence is evolving, moving beyond traditional boundaries into core business conversations. Deloitte’s report shows that 20% of organizations now have CISOs reporting directly to their CEOs, a significant step up from reporting to CIOs or CTOs. This change indicates that cybersecurity is increasingly viewed as integral to broader strategic decision-making rather than merely an IT function.
The report highlights how CISOs are being invited into strategic conversations around key technology areas, including cloud infrastructure, AI capabilities, and data analytics. By involving CISOs early on, organizations are better equipped to design security by default, making cybersecurity a built-in feature of new initiatives rather than an afterthought.
Cyber Maturity: A Defining Trait of Resilient Organizations
Deloitte categorizes organizations based on “cyber maturity”—their readiness and resilience against cyber threats. High-cyber-maturity organizations are notably better at achieving positive business outcomes and report more robust threat-detection capabilities than their lower-maturity counterparts. These mature entities are nearly twice as likely to anticipate successful business outcomes from their cyber programs, such as improved operational efficiency and enhanced threat response.
While all organizations face cyber risks, mature organizations proactively integrate cybersecurity across departments, fostering resilience. These groups frequently report incidents, reflecting their robust detection systems, which enable rapid response and minimize operational downtime.
Artificial Intelligence: A Double-Edged Sword
While valuable for strengthening defenses, AI also introduces new vulnerabilities. The survey reveals that 39% of respondents are implementing AI in their cybersecurity programs to a significant extent, utilizing capabilities like real-time monitoring, threat response automation, and advanced simulations. However, as AI-generated threats rise, organizations recognize the need to adapt their defenses to manage these emerging risks.
High-cyber-maturity organizations focus on addressing AI-related challenges, such as explainability, data poisoning, and algorithmic integrity. By preparing for AI risks, these organizations are positioning themselves to counteract increasingly sophisticated cyber threats, ensuring that their use of AI remains safe and reliable. Cybersecurity spending in this area is critical.
Operational Disruptions and Brand Risks: The Cost of Cyber Incidents
The financial and reputational impact of cyber incidents is a prominent theme in Deloitte’s report. Among surveyed leaders, loss of confidence in technology integrity ranks as the top concern, followed closely by operational disruptions and reputational damage. This emphasis on reputational risk highlights that cybersecurity incidents are not just technical issues—they have tangible effects on customer trust and brand value.
High-maturity organizations are acutely aware of these consequences, investing heavily in cybersecurity to protect their brand and ensure continuity. As cyber threats grow more complex, protecting an organization’s reputation has become a critical motivator for comprehensive security strategies.
Cyber-Integrated Business Transformation
In the digital-first era, cybersecurity is merging with business transformation efforts. Deloitte’s findings reveal that 58% of organizations expect to integrate cybersecurity budgets with other business initiatives. This holistic approach underscores the importance of a unified cyber strategy to support initiatives across digital ecosystems, cloud investments, and AI-driven transformation.
Organizations are also implementing identity management, zero-trust models, and regular threat intelligence sharing to secure cloud and other digital ecosystems. High-cyber-maturity organizations are leading this integration, leveraging cybersecurity to enable and secure their digital transformations.
Looking to the Future: Thriving in an Evolving Cyber Landscape
As the cyber landscape evolves, organizations must focus on achieving higher levels of cyber maturity. By integrating cybersecurity across strategic operations, they build resilience against future threats, positioning themselves as leaders in both innovation and security.
Other News: Think Your CISO is Ready to Run an Incident Response Plan? Think Again, Says Coalition (Opens in a new browser tab).
Other News: City of Sheboygan investigating ransomware attack.
