Insights into why cybersecurity and resilience are at the top of the executive agenda
A dynamic and dangerous landscape
Over the last 18 months, in the U.S. alone, we have witnessed cybersecurity breaches of everything from the U.S. Treasury to our trial courts. America’s Cybersecurity and Infrastructure Security Agency (CISA) was itself compromised.
In addition to dozens of compromises of major corporations and public entities, whether through systems or supply chains, this last year has seen vulnerabilities tied to the largest global technology firms, core security firms, and a range of software and service providers.
These risks are compounded by the rise and rapid proliferation of cloud services (with their attendant “shared fate” and responsibility models), remote software as a service (SaaS) platforms, extended third-party provider networks (subject to lowest common denominator vulnerabilities) and, of course, artificial intelligence—where we have seen AI “leaks” and exposures in solutions ranging from chatbots to LLMs.
Amid this remarkable, now often AI-fueled barrage, cybersecurity experts rightly advise that we “assume constant breach.”
Insights from across the globe
It is with this emerging and dynamic threat landscape in mind that I digested with interest findings from the 2025 Voice of Our Clients, in which we synthesize direct feedback from more than 1,800 business and IT executives worldwide.
I engaged in a handful of these conversations, interviewing CIOs and business leaders in education, retail, and manufacturing.
Cybersecurity, data protection and risk management ranked within the top 5 areas of importance across global industry trends and business and IT priorities. Indeed, respondents this year characterized security and compliance as drivers of their core modernization work, which makes sense given the risks to businesses represented by mounting technical debt.
Across industries, cybersecurity and data protection command substantial mindshare and investment even as AI dominates the news cycle. No company or public entity wants to be next in the pantheon of cyber breaches. It is especially instructive to examine responses from those who are producing expected results from their digital strategies—we categorize these executives as the “digital leaders.”
We found that digital leaders in manufacturing rely on mature industry security frameworks. In energy and utilities, digital leaders prioritize data, workforce, and security readiness—also leveraging AI, cybersecurity and modernization to deliver value, stay compliant, and reinforce their supply chains.
In the public sector, particularly among federal and central government respondents, we see that securing legacy systems and maintaining cyber vigilance in a geopolitical environment are critical to safeguarding sensitive data, addressing evolving threats (including from nation state actors) and sustaining citizen confidence in digital services.
Communications firms are becoming next-gen digital service providers, weaving network security into their value-added services, ranging from identity management and privilege consent to encryption and firewalls.
The importance of threat avoidance
Around the world, we are actively securing clients’ internal and externally facing systems and infrastructure, whether we are collaborating with nuclear facilities, municipal systems, or manufacturers’ Information Technology (IT) and Operational Technology (OT).
We recognize that cybersecurity attacks are increasingly sophisticated. Data breaches cost companies millions. Risks are, if anything, commoditized; AI represents a growing attack vector, with workloads subject to critical vulnerabilities; and identity-based attacks are on the rise.
While the global cyber threat landscape is both “dangerous and complex,” many of the most effective responses are deceptively simple, amounting to basic security hygiene in patching and attention to the fundamentals.
Lapses all too often arise from human error (which Gartner suggested was at the root of 99% of firewall breaches in 2023). This includes:
- use of default passwords
- weak credentials
- data oversharing
- default cloud and service account configurations, often with elevated permissions.
We have seen gaps in readiness: inadequate access controls, absence of multi-factor authentication, neglect of authentication logs. Companies face misconfigurations in everything from firewalls to blob storage containers (cloud systems accidentally being set to public instead of private, for example), not to mention the predictable prevalence of human susceptibility to phishing, vishing, and more.
In my own conversations with clients, I spend a lot of time bringing forward lessons learned and best practices from our work with organizations in the U.S. and across our global operations. We advise both public and private sector clients on AI guardrails and mechanisms to protect against breaches and intrusions. And we offer 24 by 7 monitoring and security operations services every day of the year for public entities and businesses ranging from mid-market companies to global powerhouses.
Available to engage with you and your teams
We deliver a range of advisory and operations services tied to ensuring and protecting trusted digital identities, effectively managing digital risks, building modern, proactive digital security operations, and operating and transforming securely with pace and confidence (including via hyper-automation and DevSecOps).
Our cybersecurity capabilities align with key needs across industries and can be adapted to the specifics of each client’s maturity, environment, and challenges.
I am happy to engage locally or to guide you to my colleagues in your geography to explore how we can help you meet today’s cybersecurity challenges and those on the horizon.