Cyber Mastery Matrix Securing your enterprise against the next attack 2020
1
The digital landscape
Enterprises that have successfully leveraged technology to drive a fundamental transformation of their business have a considerable ‘Digital Advantage’. This advantage significantly improves their business performance and puts them one step ahead of their competitors. Digital maturity’s impact on performance comes from enabling improvements in efficiency, revenue growth, product or service quality, customer satisfaction, and employee engagement—as well as by prompting a greater focus on growth and innovation1. Mature enterprises enjoy a wide range of specific benefits arising from their digital ecosystem that include, but go well beyond, the bottom line. As per the 2020 Digital Transformation Survey conducted by Deloitte, enterprises with high digital maturity were about three times more likely to report that their annual net revenue growth and profit margins were significantly higher than the industry average. This was opposed to enterprises with lower digital maturity - a pattern that held true across industries.
Higher-maturity companies reported industry-leading revenue growth and profit margins
Net revenue growth 15% 15% 45%
Maturity Lower Medium Higher
Net profit margin 15% 31% 43%
Percentage of respondents reporting metrics significantly above industry average, by level of digital maturity Note: Comparisons to industry averages were self-reported by the respondents Source: Deloitte analysis.
2
High digital maturity is a goal that enterprises should strive towards, but what are the key factors which decision-makers need to consider to set their enterprise on the path towards this goal?
Widening your focus While capturing the image of growth through the lens of digital maturity, there is often an out-of-focus part of the picture that can tarnish the final outcome. The blurry section is the cybersecurity of the enterprise that, if compromised, can hamper its growth. For an enterprise to obtain digital maturity, it must widen its focus by treating cybersecurity as a strategic objective and leveraging it to power transformation.
Consider a likely scenario: You are busy with a product launch, when you are suddenly pulled into an emergency meeting with senior officials. You are informed that there has been a massive cyberattack on the enterprise’s data center. This has led to a breach of sensitive data regarding new products and proceedings. It might damage your enterprise’s reputation in the investor community and the market. The next step to mitigate the crisis is in your hands.
The data below provides a view of the growing concern regarding cybersecurity:
32 percent of 500
C-suite executives defined the most concerning cyber threat as actions of wellmeaning employees. This is among the top three concerns, and even trumps technical vulnerabilities which stands at 31 percent.2
Deloitte estimates that some cybercrime businesses can be operated for as little as
US $34 a month and could return up to US $25,000, while others may routinely require nearly US $3,800 a month and could return up to US $1 million per month. The ratio of low cost to high impact and ease of access for the adversary will continue to attract the novice criminal to the sophisticated attacker.3
A large-sized organisation in India incurs an average economic loss of
US $10.3
million
from cyberattacks, whereas a mid-sized organisation incurs an average loss of US$ 11,000.4
Senior leaders, board members, and investors are understanding the severe financial, reputational and regulatory implications of excluding cybersecurity from their growth plans. The increasing importance of cybersecurity has also caused the Government of India to put in place regulations for its management, as mentioned below: • National Cyber Security Strategy (2020) • National Cyber Security Policy (2020) • Amendment to the Information Technology (IT) Act, 2000 With cybersecurity gradually becoming a focal point for enterprises and governments alike, we at Risk Advisory have designed a holistic service offering to make your enterprise and its employees resilient in the face of impending cyberattacks.
3
Cybersecurity through the Deloitte lens Deloitte believes that your path to a cybersecure future beings with preparing employees at all levels today to overcome the challenges of tomorrow. Introducing the Cyber Mastery Matrix, our suite of tailored solutions that empower you to conquer all the dimensions of cybersecurity. The Cyber Mastery Matrix embeds cyber in the DNA of your enterprise’s strategy, and gives it the prioritisation and reporting it deserves. By catering to the varying cybersecurity needs of different employee groups in your enterprise, it fosters a sustainable security culture that increases your cyber maturity as a whole.
OUR SERVICE PORTFOLIO Cyber Wargame
Cyber Academy
When dealing with a cyberattack, it is imperative that the leadership and technical team, CISO’s and other stakeholders are prepared to respond effectively. Our immersive Cyber Wargame simulation enables the enterprise’s leaders to respond to a cyberattack based on realworld cases in a secure environment, and helps analyse their enterprise preparedness levels.
As attackers are increasingly targeting employees for access into their enterprise’s IT networks, it is crucial to focus on the enterprise’s Awareness Maturity Model. Our state-of-the-art awareness program helps you adapt a robust metrics framework with carefully designed videos and interactive sessions, to build a security-driven business culture in your enterprise.
Cyber Transcend
As threat actors are rapidly incorporating new technologies and utilising complex methods to launch attacks, it has become crucial for cybersecurity professionals to stay one step ahead. Cyber Transcend uses a simulation based, risk-free, and controlled environment for the senior management, IT professionals, and cybersecurity teams to experience real-world threat scenarios. It empowers your teams to work as a cohesive unit and increases preparedness to combat cyberattacks of the future.
Our comprehensive services will empower your employees to fortify the resilience of your enterprise and recover from cyberattacks with minimal damage. The Cyber Mastery Matrix executes our belief that cybersecurity can be leveraged to transform employees at every level of an enterprise into forward-looking growth enablers. References 1. 2. 3. 4.
4
Uncovering the connection between digital maturity and financial performance – Deloitte Insights Deloitte Future of Cyber Survey 2019 Deloitte Black Market Ecosystem: Estimating the cost of ownership India Cybersecurity Services Landscape report by Data Security Council of India (DSCI).
KEY CONTACTS ROHIT MAHAJAN President – Risk Advisory rmahajan@deloitte.com
ANAND TIWARI Partner, Risk Advisory anandtiwari@deloitte.com
AMIT VERMA Director, Risk Advisory vermaamit@deloitte.com
West ASHISH SHARMA Partner, Risk Advisory sashish@deloitte.com
South GAURAV SHUKLA Partner, Risk Advisory shuklagaurav@deloitte.com
REGIONAL CONTACTS North and East GAUTAM KAPOOR Partner, Risk Advisory gkapoor@deloitte.com
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www. deloitte.com/about for a more detailed description of DTTL and its member firms. This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP). This material (including any information contained in it) is intended to provide general information on a particular subject(s) and is not an exhaustive treatment of such subject(s) or a substitute to obtaining professional services or advice. This material may contain information sourced from publicly available information or other third party sources. DTTILLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. None of DTTILLP, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this material, rendering any kind of investment, legal or other professional advice or services. You should seek specific advice of the relevant professional(s) for these kind of services. This material or information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person or entity by reason of access to, use of or reliance on, this material. By using this material or any information contained in it, the user accepts this entire notice and terms of use. ©2020 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited
5