About the research
EY conducted the study in March and April 2025, surveying 550 C-suite and cybersecurity leaders across 16 sectors and 19 countries. Building on findings from 2023 and 2024 studies, EY used statistical modelling to identify Secure Creators based on cybersecurity metrics including mean time to detect, mean time to respond, incident numbers, organisational integration and impact on innovation. Secure Creators comprised 47% of the survey sample, with Prone Enterprises making up 53%.
Organisations currently use a median of 35 different cyber tools, with 37% utilising over 50 cybersecurity tools. Technology rationalisation efforts are underway, with 23% of study respondents completing such initiatives in the past two years and 41% currently undertaking them. Similarly, 18% have simplified their technology platforms, with 41% in process.
Secure Creators operate with budgets 10% smaller on average than their peers while maintaining more advanced cybersecurity functions. They are also less likely to cite budgets as a key challenge, demonstrating the efficiency gains possible through strategic optimisation.
AI and machine learning deployment across cybersecurity priorities has decreased mean time to detect and mean time to respond by 28% on average. Six in 10 respondents report increased visibility across attack surfaces as a result of automation efforts.
