Companies face many difficulties in getting cybersecurity right as high-profile data breaches give a false sense of security or inadequate protection applied to systems in a given organization.  New norms like BYOD and rise in popularity of applications written in Node.js that have extensive dependencies on third-party packages have helped in protecting potential attack surface for IT security professionals.

The 2019 Deloitte Future of Cyber Survey that has respondents (C-level executives) from more than 500 companies, which have more than $500 million or more has annual revenue, has given a list of primary challenges faced during implementation of strong cybersecurity measures:


Inability to better prioritize cybersecurity risk across the enterprise

Around 30% of people who took part in the survey stated that they faced difficulties in prioritizing potential risks across their organization. With the increase in the volume of software vulnerabilities that companies are coming across, it is not surprising about their revelation, mainly because there is a significant increase in officially-designated vulnerabilities that coincide with a decreased understanding of them—and security landscape. The highly publicized vulnerabilities like Spectre and Meltdown that have a wide range require patching, as they are not actively exploited. The results of these exploits are moderately challenging to pull off.

Lack of management alignment on priorities

Studying the C-suite long enough to single out on a topic that does not bring in revenue can be a challenging task. This is according to 28% of respondents who claim lack of management alignment on priorities. According to a Risk Based Security report, 2018 was the second most active year on record for data breaches, so companies face higher-level risk than earlier.  

Lack of adequate funding

Some 26% of company representatives that took part in the survey indicated they face a shortage of funds for taking adequate cybersecurity measures, a problem that is prevalent among the C-suite. IT departments at large are scoffed, as they are not completely aware of the important and vital role the IT professionals play in their organization, or in digital economy across the world.


A Gartner report from November 2018 gave eight more reasons due to which CEOs could be fired over cybersecurity breaches. If the companies cannot understand the benefits of cyber security, they should contribute towards protecting the company as it may play a vital role in the survival of the company at a later stage. It becomes very important, especially if the management is very stingy about spending funds towards such security measures.

This is an IT problem, too

The approach followed by IT people can be blamed for the breaches. These software technicians rank applications like DevSecOps, as low as 11% among cyber defence priorities and investments, but prefer to use them. More than 85% of companies are using this particular software for application development.