In a digital world, networks of people, organizations and even nations rise together with new possibilities. But they can also fall together when cybersecurity fails. That’s the nature of interconnectedness.
Different industries face different kinds of cybersecurity and privacy challenges, and they’re all at different levels of maturity and resilience. But we see momentum across six industries for a reset:
These industry highlights are but a few threads to pull on for your conversations with your executive leadership team and your board of directors.
It’s no surprise that 51% of the global financial services (FS) executives who responded to our Global Digital Trust Insights Survey said they’re baking cybersecurity and privacy implications into business decisions and planning as a result of COVID-19. Slightly more than half plan to increase cyber budgets (57%) and headcount (53%) in 2021.
Many will continue to invest in advanced technologies, such as integrated cloud and network security. Automation is making it possible for FS firms to contain cybersecurity costs and improve cyber posture, according to 76% of the executives. They’re also making strides in unifying cyber risk reporting throughout the organization.
As the pandemic continues, the financial sector is racing to improve digital capabilities. Digital transformation helped firms adapt earlier this year, and it will be key to whatever comes next, likely adding more personalized, anytime-anywhere services for consumers. With this comes a shift toward permanent remote work, opening up the potential for new cyber threats. CISOs are expected by executive leaders to have a firm grasp on both securing the day-to-day needs of an huge critical infrastructure (as operational leader/master tactician) and shepherding their organization’s accelerated digitization plans (as transformational leader).
Resilience is a watch word in this industry: FS regulators and standard-setters are focused on helping — and compelling — financial institutions to enhance their resilience against disruptions and evolving threats in this still fragile economy.
Post-pandemic forces are accelerating the New Health Economy, what PwC calls the transformation of health systems into a modular ecosystem of delivery, innovation and wellness more closely tied to the consumer. Virtualization of health- and analytics-driven modeling and platforms made possible by more data exchanges are just two of these forces. But this transformation must be built on consumer trust and safety.
Cybersecurity and privacy are integral to a successful and secure transformation of the industry: nearly 49% are baking cybersecurity and privacy implications into every business decision or plan. Health organizations are increasingly the target of nation-state actors and cybercriminals, and the industry is right to guard against specific threats like ransomware and disinformation.
Only 48% of the CISOs in the sector told us that their cyber budgets are increasing in 2021. Will that be enough to modernize cybersecurity in an industry known for legacy technologies? Seventy-three percent of these industry executives said they believe they will be able to strengthen their cyber posture while containing costs, but that will require wise investments in tech, people and processes to shore up currently weak defenses such as patch management.
Finally, cyber and privacy experts are beginning to focus also on the interoperability infrastructure — focused on freer flows of data to help patients have better and complete electronic records for better health decisions — that’s being built out in 2021 and 2022.
Retailers and consumer goods companies responded quickly as the content of our shopping carts changed and we shifted to contactless payments and deliveries during the pandemic. The share of digital customer interactions nearly broke the 60% mark, and it’s poised to continue climbing.
Forty percent of these industry executives are focused on accelerating digitization (e.g., e-commerce, direct-to-consumer) for growth. Every digital interaction that a customer experiences — from the first visit to the site to the completion of a purchase to post-purchase interactions — is being reimagined and viewed as a way to enhance brand.
With this, it’s not surprising that retail and consumer executives are more likely to say their cyber budgets will increase (59.3%) compared to the global average (55%) in 2021.
Importantly, almost 50% of the industry executives said they now bake cybersecurity and privacy implications into every business decision and into their planning. That’s a welcome change in cyber strategy. E-commerce is being made more secure, efficient and privacy-friendly.
Here’s an important initiative for cyber and privacy teams to be part of: building a single 360° view of a consumer across all channels of interactions. That ambition runs on data — governed, discovered, protected and minimized in ways that consumers can trust. Industry leaders will make headway in coming years with new approaches to protect their customers’ dynamic digital identities as they build richer interactions with them.
The manufacturing industry evolved dramatically in a matter of months. When the pandemic hit, manufacturers quickly activated tech-and-people investments in IoT, AI, robotics, and other 4IR technologies to add efficiencies, reconfigure production lines and realign supply chains to meet their customers’ priorities and needs.
Nearly 40% of manufacturing executives expect to continue accelerating automation for cost-cutting, as well as digitizing operations for growth.
These initiatives call for baking cybersecurity and privacy implications into business decisions and planning — a much needed correction in the sector’s historically disconnected cyber, IT, operations and business strategies.
This change in cyber strategy will help, especially as the industry encounters a widening attack surface as organizations double down on IoT deployments and ramp up cloud adoption. Intrusions can come through the supply chain or third parties. The sector also faces a proliferation in data responsibilities as it increasingly ventures into direct-to-customer e-commerce sales and grows revenues from IoT-tethered products and services. To meet cybersecurity goals, manufacturers will also need to further close the gap between the operational and IT teams, a weakness that can be exploited by disruptionware.
Forty-seven percent of the manufacturing executives told us they also expect to change the cyber budget process. Rightly so. Indeed, they’re more likely than the global average to lack confidence that their cyber budgets are allocated to the most significant risks in their organization (59% versus 55%).
Half of the business and security/tech executives in the energy and utilities industry told us they believe that one of the pandemic’s most important legacies will be greater communication between CISOs and CEOs and/or boards. This welcome change is bolstered by a cyber strategy reset: Nearly half (45%) plan on baking cybersecurity and privacy implications into business decisions and a new process for cyber budgeting.
These improvements come at a propitious moment. The industry is at the front end of a momentous energy transition. Nearly 25% of these industry executives said they are redefining their core business models and organizations. They are decarbonizing the generation mix, embedding grid intelligence, redefining customer value propositions and elevating tech’s role in enabling energy supply, delivery and consumption.
Energy and utilities executives expect that attacks are very likely in 2021 via IoT-connected devices and components (32%) and through cloud service providers (30%). They are also concerned — more than all other sectors — about the significant negative impact these threats pose to their business. Nation-state threat actors and disruptionware attacks on critical business services are also a source of alarm. In fact, the security of the US power grid is considered in a state of national emergency, as underscored by a recent executive order banning the importation of bulk-power supplies from six foreign adversaries.
About 59% of CISOs expect an increase in their cyber budgets in 2021, while 48% plan on adding headcount.
As a society, consumers stayed connected, informed and entertained when the pandemic struck despite stay-in-place orders — thanks to a resilient technology, media and telecom (TMT) sector. Remote work setups took two weeks to implement instead of the typical 16 months. Technology accommodated as much as 30x the pre-pandemic level of daily meeting participants.
Cybersecurity is central to all aspects of these transitions: Cyber attacks in 2020 exploited weaknesses in these quickly configured arrangements. More and more, security professionals are embedded in agile development teams. In fact, every business decision has cyber and privacy implications requiring active CISO participation. In our survey 57% of tech execs and 50% of telecom execs agreed that this has become a new way of working. Media execs came in at 38%.
Meanwhile, privacy intrusions continue to be a sore point with customers and regulators. Can TMT organizations improve customer experience while complying with privacy and data protection rules? Executives in tech (46%) say yes while executives in communications (39%) and media (28%) are still looking for the right balance. A handful of trust pioneers are changing approaches such as shifting from opt-out to opt-in privacy or holding regular “customer town halls” with the CEO on product security.
Cyber and privacy built around the customer is a rising trend. In fact, 19% of business and security executives in TMT want their CISO to play the role of experience officer, focused on delivering a better, more secure experience to customers, employees and other stakeholders.