#Japan #Cybersecurity #Tokyo #EY #CISO

EY's Transformative Cybersecurity Insights

In a rapidly evolving digital landscape, the boundaries of cybersecurity are expanding beyond traditional protective measures to emerge as a critical driver of business value. The recently published "EY Global Cybersecurity Leadership Insights Study 2025" presents compelling findings on how cybersecurity departments across various industries are substantially contributing to value creation and strategic decision-making within firms.

The study surveyed 551 executives and cybersecurity leaders from companies generating annual revenues exceeding $1 billion across 19 countries, including the United States, Japan, Asia-Pacific, and EMEIA (Europe, Middle East, India, and Africa). The insights derived from this global outreach reveal significant trends: cybersecurity is no longer just a defensive strategy but a powerful enabler of business growth and innovation.

One of the standout findings indicates that cybersecurity departments create an average of $36 million in added value per project, representing about 11-20% of their value contribution to critical business initiatives, like developing new products, enhancing customer experiences, and driving company-wide transformations. Yet, it's noteworthy that the proportion of cybersecurity budgets relative to revenue has declined from 1.1% to 0.6% over the past two years, signaling a need for reevaluation of resource allocation.

Despite the growing importance of cybersecurity, only 13% of Chief Information Security Officers (CISOs) reported being consulted during the early stages of urgent strategic decision-making. Alarmingly, 58% of CISOs expressed that articulating the value of cybersecurity beyond risk mitigation remains a challenge. This underscores a gap between the potential value cybersecurity can provide and the perception of its role within organizations.

To bridge this gap, the report emphasizes the importance of CISOs integrating themselves earlier in decision-making processes. By doing so, they can unlock new value across the enterprise, providing quantitative assessments of the cost optimization benefits gained through cybersecurity automation and simplification. Interestingly, leveraging AI in cybersecurity practices is projected to yield an annual cost reduction median of $1.7 million per business, showcasing AI's integral role in enhancing operational efficiency.

Many organizations are advancing their efficiency and visibility through integration and automation tools, which eliminate redundancies and streamline operations. The report also highlights priorities in AI investments directed towards detection, monitoring, and proactive risk management, reflecting a desire for agile responses to threats and preventive measures against potential risks.

Strategies for CISO Empowerment

To enable CISOs to exert greater influence in strategic decision-making processes, the study outlines three crucial actions:

1. Reimagine the CISO Role: CISOs must evolve from their traditional technical positions to become strategic value creators, crucial for companywide security.

2. Reassess Budget Allocations: CISOs need to position the cybersecurity department as an essential contributor to value enhancement while making informed decisions regarding budget distribution.

3. Advocate for AI Integration: Establishing a role as a strategic partner in AI implementation helps CISOs earn trust within the organization, allowing for greater influence in transformative efforts.

According to Maki Ogawa, the Cybersecurity Co-Leader at EY Strategy and Consulting, "This study demonstrates that cybersecurity is evolving from merely a defensive function to a core pillar of value creation in corporate growth strategies. When CISOs are involved from the early stages of strategic decision-making, security becomes an integrated component of business plans, allowing for rapid deployment of initiatives and the establishment of trust with clients."

He continued, "However, the current reality shows that many companies still do not involve their CISOs sufficiently in strategic decisions compared to other CxOs. Highlighting the success factors observed in high-performing CISOs, EY has organized these insights into frameworks. As more companies realize the balance of cost optimization and speed through technology integration and AI adoption, the significance of the CISO role is poised to increase substantially."

For more detailed findings, you can access the complete report here.

About EY

EY aims to create new value for clients, its members, society, and the planet, striving for better social outcomes through trust in capital markets. Leveraging data, AI, and advanced technology, EY's teams assist clients in shaping their future with confidence by addressing immediate challenges. EY operates across the full spectrum of Assurance, Consulting, Tax, Strategy, and Transaction services, providing solutions backed by industry insights and global networks across more than 150 countries and regions.

All in to shape the future with confidence.