In discussing EY’s recently released Global Information Security Survey with the firm’s Americas Cybersecurity leaders, TBR heard a compelling case for an industry-led approach to anticipating the future of cybersecurity and overall risk. The EY leaders noted the firm echoes its overall industry-led go-to-market approach in cybersecurity, adding that understanding security gaps to be addressed by a company in contrast to security gaps necessarily tackled by the industry as a whole could be the key to properly meeting clients’ current and future cybersecurity risks. Anticipating future cybersecurity needs within the context of an industry’s specific emerging trends — think cars becoming connected, forcing auto manufacturers into the software and connectivity business — could help clients answer their most frequent question, “How do I make smart capital allocation decisions with respect to cyber?”
Echoing sentiments TBR has heard from other consultancies, most notably PwC and Accenture, the EY leaders added that clients increasingly want to know more than just what is best in breed and what minimally meets regulatory requirements. Clients ask what cybersecurity startups and technology-centric companies have developed, what best practices can be learned across multiple industries, and, tellingly for EY and its competitors, what EY can bring to the table. On the last point, TBR has seen a substantial shift in the way EY develops and deploys technology, particularly cross-practice solutions (such as cybersecurity within a supply chain engagement). As we reported from Toronto this summer and the previous year in New York City, EY has fully embraced consulting in an assets-based digital transformation age.
Still to come: How EY will utilize the findings from its survey to move the needle on boards allocating more resources to cybersecurity, and how the firm will attract, train and retain cybersecurity talent, particularly as nontraditional vendors increasingly move into EY’s cybersecurity space.