Cybersecurity comes of age as industries transform

In a digital world, networks of people, organizations and even nations rise together with new possibilities. But they can also fall together when cybersecurity fails. That’s the nature of interconnectedness.

Different industries face different kinds of cybersecurity and privacy challenges, and they’re all at different levels of maturity and resilience. But we see momentum across six industries for a reset:

  • In cyber strategy: More business-driven, less on its own.
  • In cyber budgeting: More aligned to the most important risks and better informed by risk quantification.
  • In use of advanced technologies: Rationalized, more integrated and simpler, not one-off and fragmented.
  • In resilience: Part of business-as-usual, not episodic.
  • In people upskilling: Digital, business, and social acumen, not just tech.

These industry highlights are but a few threads to pull on for your conversations with your executive leadership team and your board of directors.

Financial services focus on securing better customer experiences with advanced cyber defense and resilience

It’s no surprise that 51% of the global financial services (FS) executives who responded to our Global Digital Trust Insights Survey said they’re baking cybersecurity and privacy implications into business decisions and planning as a result of COVID-19. Slightly more than half plan to increase cyber budgets (57%) and headcount (53%) in 2021.

Many will continue to invest in advanced technologies, such as integrated cloud and network security. Automation is making it possible for FS firms to contain cybersecurity costs and improve cyber posture, according to 76% of the executives. They’re also making strides in unifying cyber risk reporting throughout the organization.

As the pandemic continues, the financial sector is racing to improve digital capabilities. Digital transformation helped firms adapt earlier this year, and it will be key to whatever comes next, likely adding more personalized, anytime-anywhere services for consumers. With this comes a shift toward permanent remote work, opening up the potential for new cyber threats. CISOs are expected by executive leaders to have a firm grasp on both securing the day-to-day needs of an huge critical infrastructure (as operational leader/master tactician) and shepherding their organization’s accelerated digitization plans (as transformational leader).

Resilience is a watch word in this industry: FS regulators and standard-setters are focused on helping — and compelling — financial institutions to enhance their resilience against disruptions and evolving threats in this still fragile economy.

Related insights:

Making remote work productive and secure
Business-led transformation in FS
Ten key points on operational resilience

The biggest business impacts of COVID-19 for financial services


Permanent, full-time remote work mode for greater portion of the workforce compared to pre-COVID-19
%
Accelerated digitalization for growth
%
Larger weight on the quality of IT and telecommunications infrastructure (ICT) in choice of countries where we do business
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 625
Q: Which of the following changes are most likely to be impacts of the COVID-19 experience in your industry?

Health industry organizations build a better — and more secure — ecosystem

Post-pandemic forces are accelerating the New Health Economy, what PwC calls the transformation of health systems into a modular ecosystem of delivery, innovation and wellness more closely tied to the consumer. Virtualization of health- and analytics-driven modeling and platforms made possible by more data exchanges are just two of these forces. But this transformation must be built on consumer trust and safety.

Cybersecurity and privacy are integral to a successful and secure transformation of the industry: nearly 49% are baking cybersecurity and privacy implications into every business decision or plan. Health organizations are increasingly the target of nation-state actors and cybercriminals, and the industry is right to guard against specific threats like ransomware and disinformation.

Only 48% of the CISOs in the sector told us that their cyber budgets are increasing in 2021. Will that be enough to modernize cybersecurity in an industry known for legacy technologies? Seventy-three percent of these industry executives said they believe they will be able to strengthen their cyber posture while containing costs, but that will require wise investments in tech, people and processes to shore up currently weak defenses such as patch management.

Finally, cyber and privacy experts are beginning to focus also on the interoperability infrastructure — focused on freer flows of data to help patients have better and complete electronic records for better health decisions — that’s being built out in 2021 and 2022.

Related insights:

Hacking the vaccine
Foreign influence in health research
The new health economy accelerates

Biggest business impact of COVID-19 in the health industry


Accelerated digitalization for growth
%
Permanent full-time remote work mode for greater portion of the workforce compared to pre-COVID-19
%
Higher inventory levels of critical supplies
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 264
Q: Which of the following changes are most likely to be impacts of the COVID-19 experience in your industry?

Retail and consumer industry poised to build upon consumer trust earned during the pandemic

Retailers and consumer goods companies responded quickly as the content of our shopping carts changed and we shifted to contactless payments and deliveries during the pandemic. The share of digital customer interactions nearly broke the 60% mark, and it’s poised to continue climbing.

Forty percent of these industry executives are focused on accelerating digitization (e.g., e-commerce, direct-to-consumer) for growth. Every digital interaction that a customer experiences — from the first visit to the site to the completion of a purchase to post-purchase interactions — is being reimagined and viewed as a way to enhance brand.

With this, it’s not surprising that retail and consumer executives are more likely to say their cyber budgets will increase (59.3%) compared to the global average (55%) in 2021.

Importantly, almost 50% of the industry executives said they now bake cybersecurity and privacy implications into every business decision and into their planning. That’s a welcome change in cyber strategy. E-commerce is being made more secure, efficient and privacy-friendly. 

Here’s an important initiative for cyber and privacy teams to be part of: building a single 360° view of a consumer across all channels of interactions. That ambition runs on data — governed, discovered, protected and minimized in ways that consumers can trust. Industry leaders will make headway in coming years with new approaches to protect their customers’ dynamic digital identities as they build richer interactions with them.

Related insights: 

From data governance to data trust
2020 Holiday Outlook
Consumer companies must take leaps not steps

Primary aspiration for digital transformation


Modernize our organization/brand with new capabilities
%
To do what we have always done, but faster and more efficiently
%
To break into new markets or industries
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 644
Q: What is the primary aspiration for your enterprise-wide, technology-driven business transformation or major digital initiatives?

Momentum for change in cyber strategy comes at just the right time for manufacturers

The manufacturing industry evolved dramatically in a matter of months. When the pandemic hit, manufacturers quickly activated tech-and-people investments in IoT, AI, robotics, and other 4IR technologies to add efficiencies, reconfigure production lines and realign supply chains to meet their customers’ priorities and needs.

Nearly 40% of manufacturing executives expect to continue accelerating automation for cost-cutting, as well as digitizing operations for growth.

These initiatives call for baking cybersecurity and privacy implications into business decisions and planning — a much needed correction in the sector’s historically disconnected cyber, IT, operations and business strategies.

This change in cyber strategy will help, especially as the industry encounters a widening attack surface as organizations double down on IoT deployments and ramp up cloud adoption. Intrusions can come through the supply chain or third parties. The sector also faces a proliferation in data responsibilities as it increasingly ventures into direct-to-customer e-commerce sales and grows revenues from IoT-tethered products and services. To meet cybersecurity goals, manufacturers will also need to further close the gap between the operational and IT teams, a weakness that can be exploited by disruptionware.

Forty-seven percent of the manufacturing executives told us they also expect to change the cyber budget process. Rightly so. Indeed, they’re more likely than the global average to lack confidence that their cyber budgets are allocated to the most significant risks in their organization (59% versus 55%).

Related insight:

Biggest changes in cybersecurity as a result of COVID-19 in the industrial manufacturing industry


Cybersecurity and privacy implications baked into every business decision or planning
%
Better and more granular quantification of cyber risk
%
New process of budgeting for cyber spend or investments
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 617
Q: Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry?

Energy and utility executives reset cyber strategy as the industry transforms

Half of the business and security/tech executives in the energy and utilities industry told us they believe that one of the pandemic’s most important legacies will be greater communication between CISOs and CEOs and/or boards. This welcome change is bolstered by a cyber strategy reset: Nearly half (45%) plan on baking cybersecurity and privacy implications into business decisions and a new process for cyber budgeting.

These improvements come at a propitious moment. The industry is at the front end of a momentous energy transition. Nearly 25% of these industry executives said they are redefining their core business models and organizations. They are decarbonizing the generation mix, embedding grid intelligence, redefining customer value propositions and elevating tech’s role in enabling energy supply, delivery and consumption.

Energy and utilities executives expect that attacks are very likely in 2021 via IoT-connected devices and components (32%) and through cloud service providers (30%). They are also concerned — more than all other sectors — about the significant negative impact these threats pose to their business. Nation-state threat actors and disruptionware attacks on critical business services are also a source of alarm. In fact, the security of the US power grid is considered in a state of national emergency, as underscored by a recent executive order banning the importation of bulk-power supplies from six foreign adversaries.

About 59% of CISOs expect an increase in their cyber budgets in 2021, while 48% plan on adding headcount.

Related insights:

The smart grid needs a smarter cyber strategy
Amping up innovation
Biden agenda and the energy and utilities industry

Biggest cyber change as a result of COVID-19


More frequent interactions between CISO and the CEO or boards
%
Cybersecurity and privacy implications baked into every business decision or planning
%
New process of budgeting for cyber spend or investments
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 253
Q: Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry?

Cyber and privacy built around the customer is a rising trend in technology, media and telecom

As a society, consumers stayed connected, informed and entertained when the pandemic struck despite stay-in-place orders — thanks to a resilient technology, media and telecom (TMT) sector. Remote work setups took two weeks to implement instead of the typical 16 months. Technology accommodated as much as 30x the pre-pandemic level of daily meeting participants.

Cybersecurity is central to all aspects of these transitions: Cyber attacks in 2020 exploited weaknesses in these quickly configured arrangements. More and more, security professionals are embedded in agile development teams. In fact, every business decision has cyber and privacy implications requiring active CISO participation. In our survey 57% of tech execs and 50% of telecom execs agreed that this has become a new way of working. Media execs came in at 38%.

Meanwhile, privacy intrusions continue to be a sore point with customers and regulators. Can TMT organizations improve customer experience while complying with privacy and data protection rules? Executives in tech (46%) say yes while executives in communications (39%) and media (28%) are still looking for the right balance. A handful of trust pioneers are changing approaches such as shifting from opt-out to opt-in privacy or holding regular “customer town halls” with the CEO on product security. 

Cyber and privacy built around the customer is a rising trend. In fact, 19% of business and security executives in TMT want their CISO to play the role of experience officer, focused on delivering a better, more secure experience to customers, employees and other stakeholders.

Related insights:

Personalize the consumer experience
Forward to normal
Adopting a digital lifestyle
Global Entertainment and Media Outlook, 2020-2024

Top 3 changes in cybersecurity as a result of COVID-19


Cybersecurity and privacy implications baked into every business decision or planning
%
More frequent interactions between CISO and the CEO or boards
%
New process of budgeting for cyber spend or investments
%

Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 717
Q: Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry?

Contact us

Sean  Joyce

Sean Joyce

Global and US Cybersecurity, Privacy & Forensics Leader, PwC US

Joseph Nocera

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US

Follow us