No Match Found
1 December 2020 – Decades after emerging from under IT’s wing, the cybersecurity profession has matured. Armed with the insight and foresight that only experience can provide; cybersecurity stands at a pivotal point for the industry, organisations, and people it serves.
Amid the backdrop of COVID-19, PwC launches it is latest installment in the Digital Trust Insights series - Global Digital Trust Insights 2021: Cybersecurity comes of age - insights into what’s changing and what’s next in cybersecurity. The report is gathered from a survey of 3,249 business and technology executives from around the world.
The feedback from survey respondents was focused on five key areas: updating cyber strategy, future proofing cyber teams, getting the most out of cyber budgets, investing to level the playing field against attackers, and building resilience.
Updating cyber strategy
An overwhelming 96% of the respondents, said they’ll shift their cybersecurity strategy due to COVID-19, with 50% now saying they are more likely now to consider cybersecurity in every business decision up from 25% last year. In addition, 51% of CEOs stated they are more likely to have frequent interactions with the Chief Information Security Officer (CISO). In the pandemic’s first three months, CEOs reported, their organisations were accelerating digitisation at a surprising speed, advancing to year two or three of their five-year plans.
“Given the unprecedented impacts of COVID-19 - many organisations had to re-think and re-frame their cybersecurity strategies. The evolving role of a CISO and their importance to the organisation has never been more critical to both its survival and growth. It is important for CISOs to balance the nuances of technology and business requirements, while supporting the organisation in their cyber strategy,” said Sean Joyce, Global Cybersecurity, Privacy, and Forensics leader, PwC US
Doing things faster and more efficiently is the top digital ambition for 29% of executives, while 31% are modernising with new capabilities. More than one-third - 35% - say they’re speeding up automation to cut costs.
Help wanted. Future-proofing cyber teams
With 3.5 million cyber security jobs to be filled in 2021 - the one problem plaguing the cybersecurity industry is a lack of skilled workers. Fifty-one percent of executives in the survey said they plan to add full-time cybersecurity personnel over the next year, with more than 22% saying they will increase staffing by 5% or more.
The top roles executives are looking to fill: cloud solutions architects (43%), security intelligence (40%), and data analysis (37%). An alternative many organisations have used to fill job vacancies is ‘hiring from within,’ offering upskilling to increase existing workers’ skills in the same areas they’re hiring for: digital skills, business acumen, and social skills. A few organisations have started to rely on managed services to fill the acute need for deep talent and advanced technologies.
Rethinking cyber budgets
More than half of organisations, 55%, state that their cyber budget will be increasing rather than decreasing in 2021. While a larger budget for cybersecurity is good news, the industry should expect changes in the way they are being managed, going forward. More than half (55%) surveyed lack confidence that their cyber spending is allocated towards the most significant risks to the organisation. Forty-four percent say that they’re thinking about changing their budgeting process, and 37% strongly agree that quantification of cyber risks can significantly improve the way they manage spending against risks. Nevertheless, more than one-third strongly agree that organisations can strengthen their cyber posture while containing costs — thanks to automation and rationalisation of tech.
Leveling the playing field against cyber attackers
Innovation and technology are changing the way organisations are leveling the playing field against cyber attackers, with 43% percent of executives saying they’ve improved customer experiences, and are responding more quickly to incidents and disruptions. The top-ranked outcomes desired in the next 2-3 years are: increased prevention of successful attacks, faster response times to disruptions, improved confidence of leaders in ability to manage threats, and improved customer experience.
Results for the survey found that executives from large organisations ($1B+) are more likely to report benefits from making a strategic shift to advanced technologies and restructuring security operations. Respondents from the largest organisations ($10B+) were also more likely to report gains from using security models and technologies including Zero Trust, managed services, virtualisation, and accelerated cloud adoption.
These findings suggest that investing in technologies, processes and capabilities, and people is critical to making meaningful headway against attackers. And they underscore the importance of a CISO who can play a transformational leader role.
“Larger organisations with more resources are applying new technologies and mindsets to turn the tables on attackers. But as the technologies become more affordable and the models refined, small and medium-sized enterprises can benefit as well,” added Chairil Tarunajaya, PwC Indonesia Risk Consulting Leader.
In a year filled with many “first-evers'' economic, public health, and cyber organisations, saw a surge in intrusions, ransomware, data breaches in health and educational institutions, and phishing. As a result, 40% of the executives surveyed said they plan to increase resilience testing to ensure critical business services will function even if a disruptive cyber event occurs.
“The next-gen security organization has a three-fold mission: build trust, build resilience, and accelerate innovation. In short, it’s going to be very different from most security organisations today,” said Sean Joyce.
The threat outlook for 2021: Internet of Things (IoT) and cloud service providers top the list of ‘very likely’ threats (mentioned by 33%), while cyber-attacks on cloud services top the list of threats that will have ‘significantly negative impact’ (reported by 24%).
Notes to editors
Cybersecurity comes of age: Global Digital Trust Insights 2021 based on PwC’s survey of 3,249 business and technology executives from around the world. To download the full report, visit https://www.pwc.com/gx/en/issues/cybersecurity/digital-trust-insights.html
PwC Indonesia comprises KAP Tanudiredja, Wibisana, Rintis & Rekan, PT PricewaterhouseCoopers Indonesia Advisory, PT Prima Wahana Caraka, PT PricewaterhouseCoopers Consulting Indonesia and Melli Darsa & Co., Advocates & Legal Consultants, each of which is a separate legal entity and a separate member firm of the PwC global network.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
© 2020 PwC. All rights reserved