Amid the backdrop of COVID-19, PwC has released the latest instalment in its Digital Trust Insights series - 'Global Digital Trust Insights 2021: Cybersecurity comes of age - insights into what’s changing and what’s next in cybersecurity'. The report is gathered from a survey of 3,249 business and technology executives from around the world.
The feedback from survey respondents was focused on five key areas: updating cyber strategy, future proofing cyber teams, getting the most out of cyber budgets, investing to level the playing field against attackers, and building resilience.
Updating cyber strategy
An overwhelming 96% of the respondents, said they’ll shift their cybersecurity strategy due to COVID-19, with 50% now saying they are more likely now to consider cybersecurity in every business decision up from 25% last year. In addition, 51% of CEOs stated they are more likely to have frequent interactions with the Chief Information Security Officer (CISO). In the pandemic’s first three months, CEOs reported, their organisations were accelerating digitisation at a surprising speed, advancing to year two or three of their five-year plans.
“Given the unprecedented impacts of COVID-19 - many organisations had to re-think and re-frame their cybersecurity strategies," said Sean Joyce, Global Cybersecurity, Privacy, and Forensics leader at PwC US. "The evolving role of a CISO and their importance to the organisation has never been more critical to both its survival and growth. It is important for CISOs to balance the nuances of technology and business requirements, while supporting the organisation in their cyber strategy."
Doing things faster and more efficiently is the top digital ambition for 29% of executives, while 31% are modernising with new capabilities. More than one-third (35%) say they’re speeding up automation to cut costs.
Help wanted! Future-proofing cyber teams
With 3.5 million cyber security jobs to be filled in 2021 - the one problem plaguing the cybersecurity industry is a lack of skilled workers. Fifty-one percent of executives in the survey said they plan to add full-time cybersecurity personnel over the next year, with more than 22% saying they will increase staffing by 5% or more.
The top roles executives are looking to fill are cloud solutions architects (43%), security intelligence (40%), and data analysis (37%). An alternative many organisations have used to fill job vacancies is ‘hiring from within,’ offering upskilling to increase existing workers’ skills in the same areas they’re hiring for: digital skills, business acumen, and social skills. A few organisations have started to rely on managed services to fill the acute need for deep talent and advanced technologies.
Rethinking cyber budgets
More than half of organisations (55%) state that their cyber budget will be increasing rather than decreasing in 2021. While a larger budget for cybersecurity is good news, the industry should expect changes in the way they are being managed, going forward. More than half (55%) surveyed lack confidence that their cyber spending is allocated towards the most significant risks to the organisation. Forty-four percent say that they’re thinking about changing their budgeting process, and 37% strongly agree that quantification of cyber risks can significantly improve the way they manage spending against risks. Nevertheless, more than one-third strongly agree that organisations can strengthen their cyber posture while containing costs - thanks to automation and rationalisation of technology.
Levelling the playing field against cyber attackers
Innovation and technology are changing the way organisations are levelling the playing field against cyber attackers, with 43% of executives saying they’ve improved customer experiences, and are responding more quickly to incidents and disruptions. The top-ranked outcomes desired in the next two to three years are: increased prevention of successful attacks, faster response times to disruptions, improved confidence of leaders in ability to manage threats, and improved customer experience.
Results for the survey found that executives from large organisations (US$1bn+) are more likely to report benefits from making a strategic shift to advanced technologies and restructuring security operations. Respondents from the largest organisations (US$10bn+) were also more likely to report gains from using security models and technologies including Zero Trust, managed services, virtualisation, and accelerated cloud adoption.
These findings suggest that investing in technologies, processes and capabilities, and people is critical to making meaningful headway against attackers. And they underscore the importance of a CISO who can play a transformational leader role.
In a year filled with many firsts, economic, public health, and cyber organisations saw a surge in intrusions, ransomware, data breaches in health and educational institutions, and phishing. As a result, 40% of the executives surveyed said they plan to increase resilience testing to ensure critical business services will function even if a disruptive cyber event occurs.
“The next-gen security organisation has a three-fold mission: build trust, build resilience, and accelerate innovation," said Joyce. "In short, it’s going to be very different from most security organisations today."
In the threat outlook for 2021, Internet of Things (IoT) and cloud service providers top the list of ‘very likely’ threats (mentioned by 33%), while cyber attacks on cloud services top the list of threats that will have ‘significantly negative impact’ (reported by 24%).
Like this item? Get our Weekly Update newsletter. Subscribe today