The C-suite guide to simplifying for cyber readiness, today and tomorrow
As cyber ecosystems grow in complexity, they become more difficult to manage and secure. Leaders should be aware that untamed complexity can cause problems in and of itself – which is why our latest report focuses on simplifying cyber security.
Our Digital Trust Insights (DTI) survey gathered the perspectives of 3,602 C-level business, technology and security executives, of whom half were business leaders and half were tech/security leaders. In Central and Eastern Europe (CEE), leaders near and far have a stake in the region as the hub of their cyber teams and operations: multinational companies that operate cyber bases in the region, subsidiaries that operate business in the region, and local businesses that are looking to expand in and outside CEE.
As this region hosts many diverse stakeholders in cybersecurity, we show how the CEE, EMEA and Global numbers compare with each other in this year’s DTI survey.*
One thing is for sure – organisations are realising that cyber risk is rising. Already, 2021 is shaping up to be one of the worst years on record for cybersecurity. Ever more sophisticated attackers are plumbing the unattended corners of our systems and data, seeking — and finding — vulnerabilities. In our 24th Annual Global CEO Survey, chief executives cited cyber threats as the number-two risk to their business prospects. In North America and Western Europe, cyber was number one.
This year’s DTI survey found that more than 50% of leaders expect a surge in reportable cyber incidents next year. Looking more closely, 72% of CEE respondents expect an increased threat from cyber criminals in 2022, compared to 60% of Global and EMEA respondents.
Overall, the top three threat actors from which organisations foresee increased attacks are cyber criminals, hackers, and nation states.
Is the business world now too complex to secure? Leaders are sounding the alarm. Some 75% of respondents to our 2022 Global Digital Trust Insights Survey say that too much avoidable, unnecessary organisational complexity is posing “concerning” levels of cyber and privacy risks. Leaders in EMEA follow with a similar sentiment. However, the CEE numbers show a lower but still significant level of concern for complexity risk.
When searching for the answer to simplified cyber security, adding more tech is not always the solution. Instead, leaders should focus on working together as a unified whole, from the tech stack to the board room — starting at the top with the CEO. In every function and for every employee, security is a concern for the entire business.
Globally, 69% of organisations predict a rise in cyber spending in 2022 compared to 55% last year. More than a quarter (26%) predict cyber spending hikes of 10% or more. Interestingly, when leaders were asked where they would focus their spend to simplify cybersecurity, CEE respondents said they were focused more on rationalisation of technology and restructuring their security teams than Global and EMEA respondents were.
This raises the question: what could be done better for future cyber investments?
When asked about initiatives such as cloud security, security awareness training, endpoint security, managed security services, threat intelligence capability, enterprise and consumer identity and access management, disaster recovery planning and third-party risk management, less than 20% have started to see benefits from the implementation of their investments.
Without a clear focus on simplifying cyber ecosystems, organisations may become vulnerable to cyber exploitation or failure – the consequences of which would have a ripple effect across an organisation's entire operations.
The top consequence of cyber complexity in EMEA and CEE is "lack of operational resilience or inability to recover from a cyber attack or technology failure". In CEE, this is followed by an “inability to retain top talent” (7th in EMEA) and “financial losses due to successful data breaches or cyber attacks” (3rd in EMEA, and 1st Globally).
Strategists and technologists have touted the potential of digital business models to boost business 10x — a Holy Grail promise of exponential returns on digital investments. Likewise, the Survey reveals how simplifying business processes and operations can have a “multiplier” effect on security and privacy.
Here are the four steps to realising your full cyber potential, as exemplified by the most advanced and most improved organisations, which employ them all. Organisations with the most advanced practices are twice as likely to have made significant progress in cybersecurity over the past two years, and they lead in four areas:
Principle. The CEO must articulate an explicit, unambiguous foundational principle establishing security and privacy as a business imperative.
People. Hire the right leader, and let the CISO and security teams connect with the business teams. Your people can be vanguards of simplification even as you build “good complexity” in the business.
Prioritisation. Your risks continually change as your digital ambitions rise. Use data and intelligence to measure your risks continually, as well.
Perception. You can’t secure what you can’t see. Uncover blind spots in your relationships and supply chains.
*The 2021 Digital Trust Insights Survey report for CEE is based on a sample of respondents from the following CEE territories: Poland, Czech Republic, Hungary, Romania, Kazakhstan, Ukraine, Croatia, Bulgaria, and Latvia. For the purposes of this survey, respondents from Russia are treated as a separate sample and results are given in a Russian-language report.