Skip to content Skip to footer
Search

Loading Results

Canadian Digital Trust Insights 2021

Cybersecurity comes of age

At a glance

  • Accelerated digitization will continue to be one of the key impacts of COVID-19, but as new business models interact with new technologies, cybersecurity strategies across industries will need to shift to meet changing demands.
  • As organizations digitize, getting the most value out of every cyber dollar spent will become even more critical, not just because of our current economic climate, but also because every new digital process can become a vulnerability.
  • In the next year, many organizations will increase cyber budgets and add full-time cyber personnel, and they’re looking for a mix of soft skills, such as critical thinking and communication, and technical skills, such as familiarity with cloud solutions.


Just decades after coming out from under IT’s wing, the cybersecurity profession has matured. Cyber teams are now armed with the insight and foresight only experience can provide. And the timing couldn’t be better, as many of the industries, organizations and people they serve are at a pivotal moment.

Our findings from the Global Digital Trust Insights 2021 survey of more than 3,000 business and technology executives around the world, including a significant number of Canadian respondents, tell us what’s changing and what’s next in cybersecurity.

In brief, organizations’ expectations of their security leaders continue to rise. No longer focused just on technology, although it’s very much in the picture, cyber’s real role now and into the future will be strengthening and increasing the resilience of their organizations.

1. Reset your cyber strategy

Our survey found that 44% of Canadian respondents (40% globally) say they expect accelerated digitization to be a likely outcome of COVID-19. Many are taking on business strategies they hadn’t imagined before, including e-commerce, new markets, new business models, remote working and automation. And 15% of Canadian respondents (21% globally) are changing their core business model and redefining their organizations.

But as we see new business models interact with new technologies, we’re also seeing the introduction of new cyber risks.

Traditional approaches to cyber just can’t keep up with the pace and scale of digitization. And they’re slowing down business strategies and impacting both the top and bottom line. So it’s really not surprising that nearly all respondents (97% in Canada and 96% globally) say their industry’s cybersecurity strategies will shift as a result of COVID-19.

What’s the primary aspiration for your enterprise-wide, tech-driven business transformation or major digital initiatives?
  • Efficiency seekers: Do what we have always done but faster and more efficiently
  • Modernizers: Modernize our organization/brand with new capabilities
  • Redefiners: Change our core business model and redefine our organization
  • Explorers: Break into new markets or industries

Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry?
  Canada Global
Greater resilience testing to account for more low-likelihood, high-impact events 57% 43%
Cybersecurity and privacy implications baked into every business decision or planning 55% 50%
More frequent interactions between CISO and the CEO or boards 41% 43%
New process of budgeting for cyber spend or investments 39% 44%
Better and more granular quantification of cyber risk 37% 44%
No changes due to COVID-19 3% 4%

Our key takeaways

  • Reset your cyber strategy to adapt to the new business reality and make high-speed digital change safer.
  • Consider a business-driven cyber strategy that aligns with the vision and goals of the whole enterprise—not just IT.

2. Rethink your cyber budget

When looking to the future, two-thirds of respondents, both in Canada and globally, expect their business revenues to decline in the next year due to COVID-19. But encouragingly, 56% of Canadian respondents (55% globally) expect to increase their cyber budgets in that same period. This shows us many executives understand the importance of cyber in enabling both digitization and automation.

But across the board, very few Canadian executives are really confident their cyber budgets are being assigned and spent correctly. Only 34% of Canadian respondents (compared to 44% globally) are definitive their cyber budget is being allocated to the most significant risks. And while a fifth of both Canadian and global respondents say their organization is already seeing the benefits of better quantifying cyber risks, fewer than half say their organization has actually implemented it at scale.

As organizations digitize, getting the most value out of every cyber dollar spent will become even more critical, not just because of our current economic climate, but also because every new digital process and asset can become a new vulnerability for cyber attack.


Regarding your organization’s current cyber budget and processes, how confident are you with regard to the following?
Percentage of respondents who are not very confident
  Canada Global

Our cyber budgets are linked to overall enterprise or business-unit budgets in a strategic, risk-aligned and data-driven way.

62%

53%

Our cyber budget is focused on remediation, risk mitigation and/or response techniques that will provide the best return on cyber spending.

57%

55%

Our cyber budget process includes monitoring the effectiveness of our cyber program against the spending on cyber.

59%

54%

Our cyber budget is allocated toward the most significant risks to the organization.

66%

55%

Our key takeaways

  • Rethink your cyber budgeting process so you can clearly show how cyber spend links to risk and business priorities.
  • Link your cyber budget to overall digitization and automation budgets.
  • Quantify cyber risks so you can put a dollar amount on the impact of each cyber project and better prioritize cyber spend.

3. Level the playing field with attackers

Innovation is changing the cybersecurity game, giving new advantages to defenders and allowing them to level the playing field with attackers. Leading organizations are exploring advanced methods to protect their expanding digital ecosystems. But this isn’t optional—increased adoption of cloud, automation and Internet of Things (IoT) systems means organizations need to rethink their defences, as these systems can’t be protected with traditional IT security methods.

According to our survey, the top three cybersecurity approaches that Canadian organizations have implemented and are currently realizing the most benefits from are security orchestration and automation (19%), modern identity and access management (17%) and integrated cloud and network security (17%).


To what extent is your organization moving to the following new cybersecurity approaches or thinking?
Canadian respondents

Started implementing Implemented at scale Realizing benefits from implementation
Zero trust 28% 28% 16%
Integrated cloud security and network security 38% 25% 17%
Real-time monitoring of effectiveness of security controls 27% 39% 16%
Modern identity and access management 30% 30% 17%
Modern data discovery, management and guidance 34% 30% 16%
Accelerated cloud adoption 32% 31% 13%
Application of artificial intelligence (AI) in cyberdefence 35% 23% 15%
Security orchestration and automation 28% 23% 19%
Move beyond business continuity planning to cyber resilience 35% 26% 13%

Our key takeaways

  • Explore innovative ways to secure your cloud by fully leveraging cloud capabilities, such as security automation, integration, monitoring and analytics. You’ll be able to reduce governance costs, proactively address emerging threats and achieve continuous compliance.
  • Reimagine your approach for securing industrial and IoT systems, where traditional IT security methods won’t work.
  • Integrate your privacy, data protection and data governance practices to inspire confidence in the use of your critical data as it becomes more distributed.

4. Build resilience for any scenario

The reality is a cyber attack is much more likely than ever before, as 2020 has brought a surge in intrusions, ransomware and data breaches, along with an increase in phishing attempts.

In our survey, we asked Canadian executives to weigh in on the likelihood of cyber threats in their industry in the coming year. When looking at possible threat actors, Canadian respondents feel attacks by cybercriminals and current employees are most likely, with 55% and 49%, respectively, saying they’re somewhat or very likely (compared to 56% and 48% globally).

In terms of cyber events, Canadian respondents feel cyber attacks on cloud services, ransomware breaches and disruptionware attacks on critical business services are most likely, with 56%, 51% and 51%, respectively, saying they’re somewhat or very likely (compared to 58%, 57% and 55% globally).


What is the likelihood of a major and successful attack from […] in your industry in the next 12 months? What is the extent of impact, if it were to happen, on your organization?

How do respondents plan to prepare? A significant majority (78%) of Canadian executives (76% globally) agree with the statement, “Assessments and testing—done right—will help in targeted investments in cybersecurity.” So it makes sense that 57% of Canadian executives (40% globally) plan to increase resilience testing to make sure, if a disruptive cyber event happens, their critical business functions will stay up and running.

Our key takeaways

  • Perform regular assessments and testing to identify weaknesses in your defences before attackers do.
  • Implement a cyber hygiene program to remediate weaknesses often exploited by attackers.
  • Focus on enterprise-wide digital trust by orchestrating resiliency efforts across business continuity, disaster recovery, crisis management, privacy and fraud, all of which are typically separate functions.

5. Future-proof your security team

In the next year, 42% of Canadian respondents plan to add full-time cybersecurity personnel to their organization. But this won’t necessarily be easy, and many recognize the challenges in attracting and retaining good cyber talent. So it’s not surprising that an overwhelming majority (94%) of Canadian respondents (93% globally) use or plan to use managed services.

Canadian executives are looking for future leaders with stronger soft skills to enable better partnership with IT and the business.


Which of the following skills are you looking for in your new hires in the next 12 months?
Digital building blocks

Three of the five most-mentioned attributes among Canadian respondents to our survey were soft skills: critical thinking (49%), communication (44%) and creativity (43%).

When we look at technical skills, the highest number of Canadian respondents (44%) want their new hires to know about cloud solutions. Tied for second in demand are specialization in particular new tech solutions (for example, AI, IoT and blockchain) and security intelligence experience (40%).


Business enablement
Soft skills

Our key takeaways

  • Design talent attraction and retention programs for the cyber function.
  • Offer upskilling to increase current employees’ skills in the same key areas you’re hiring.
  • If you don’t have the resources to attract and retain top cyber talent, consider partnering with a managed security services provider.

Prepare for the next generation of cybersecurity now

Interested in learning more about how to prepare your organization for the future of cybersecurity? Contact us.

Sajith Nair

Partner & National Leader - Cybersecurity, Privacy and Financial Crime, Toronto, PwC Canada

+1 416 815 5185

Email

Follow PwC Canada