Investments continue to pour into cybersecurity. Sixty-nine percent of organisations predict a rise in cyber spending in 2022 compared to 55% last year. More than a quarter (26%) predict cyber spending hikes of 10% or more; only 8% said that last year.
Organisations know that risks are increasing. More than 50% expect a surge in reportable incidents next year above 2021 levels.
Already, 2021 is shaping up to be one of the worst on record for cybersecurity. Ever more sophisticated attackers are plumbing the dark corners of our systems and networks, seeking — and finding — vulnerabilities. Whatever the nature of an organisation’s digital Achilles’ heel — an unprotected server containing 50 million records, for example, or a flaw in the code controlling access to crypto wallets — attackers will use every means at their disposal, traditional as well as ultra-sophisticated, to exploit it.
The consequences of an attack rise as our systems’ interdependencies grow more and more complex. Critical infrastructures are especially vulnerable. And yet, many of the breaches we’re seeing are still preventable with sound cyber practices and strong controls.
As digital connections multiply, they form increasingly complex webs that grow more intricate with each new technology. Having a smart phone enables us to carry a variety of “devices” — telephone, camera, calendar, TV, health tracker, an entire library of books, and so much more — in our pocket, simplifying our lives in many ways and letting us work on the go. The Internet of Things lets us perform myriad tasks by uttering a simple command, enables factories to all but run themselves, and lets our healthcare providers monitor our health from a distance.
But the processes needed to manage and maintain all these connections — including cybersecurity — are getting more complicated, too. Runaway complexity evokes the Lernaean Hydra from Greek mythology: cut off one head, and two grow in its place.
Is the business world now too complex to secure? Leaders are sounding the alarm. Some 75% of respondents to our 2022 Global Digital Trust Insights Survey say that too much avoidable, unnecessary organisational complexity poses “concerning” cyber and privacy risks.
But because some complexities are necessary, your enterprise should streamline and simplify its operations and processes consciously and deliberately, not thoughtlessly.
This 2022 Global Digital Trust Insights Survey offers the C-suite a guide to simplifying cyber with intention. It focuses on four questions that tend to get short shrift but, if properly considered, can yield significant dividends.
These questions may surprise and even challenge you because, in a survey about data trust, they aren’t technology-centered. Tech, in itself, is not the answer to simplified security.
Our focus, instead, is on working together as a unified whole, from the tech stack to the board room — starting at the top with the CEO. Security is a concern for the entire business, in every function and for every employee.
Based on respondents’ answers to these questions, we determined the top 10% of organisations that are most advanced in their practices. These most advanced are twice as likely to report significant progress on important cyber goals: instilling a culture of cybersecurity, managing cyber risk, enhancing communication between boards and management, and coordinating cyber strategy with business strategy.
more likely to have streamlined operations enterprise wide
more likely to have a formal process fully implemented for data trust practices
more likely to have high levels of understanding of cyber and privacy risks from third parties
more likely to say their CEOs give them the support they need
more likely to state data and intel tools and approaches are integral to their operating model
more likely to say they achieved public-private sector collaboration goals ‘very effectively’
Strategists and technologists have touted the potential of digital business models to boost business 10x — a Holy Grail promise of exponential returns on digital investments. Likewise, the Survey reveals how simplifying business processes and operations can have a “multiplier” effect on security and privacy.
Here are the four Ps to realising your full cyber potential, as exemplified by most advanced and most improved organisations, who employ them all.
Principle. The CEO must articulate an explicit, unambiguous foundational principle establishing security and privacy as a business imperative.
People. Hire the right leader, and let CISO and security teams connect with the business teams. Your people can be vanguards of simplification even as you build “good complexity” in the business.
Prioritisation. Your risks continually change as your digital ambitions rise. Use data and intelligence to measure your risks continually, as well.
Perception. You can’t secure what you can’t see. Uncover blind spots in your relationships and supply chains.
As common-sense as these precepts and practices might seem, they’re not commonplace. Only the top 10% have adopted them and they also report making significant progress toward their cyber objectives during the past two years.
On the other hand, many enterprises continue to struggle amid risky, runaway, befuddling complexity. Bad habits are often why: Using many tech solutions that, too often, don’t even work together. Not coordinating the work of various functions on resilience or third-party risk management. Not creating and adhering to processes for dealing with data (governance). Not speaking in the language of business when talking about cyber.
Businesses develop these bad habits in the name of speed, or they accept and assimilate them out of resistance to change. The good thing, however, is that bad habits can be broken. And C-suite champions can help develop new habits of coordination and collaboration among all functions, business and tech, for an organisation that’s simply secure.
Make ‘simply secure’ your business mantra
Size up your risks — using data you can trust — to realise opportunities
The 2022 Global Digital Trust Insights is a survey of 3,602 business, technology, and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs, and C-Suite officers) conducted in July and August 2021. Female executives make up 33% of the sample.
Sixty-two percent of respondents are executives in large companies ($1 billion and above in revenues); 33% are in companies with $10 billion or more in revenues.
Respondents operate in a range of industries: Tech, media, telecom (23%), Industrial manufacturing (22%), Financial services (20%), Retail and consumer markets (16%), Energy, utilities, and resources (8%), Health (7%), and Government and public services (3%).
Respondents are based in various regions: Western Europe (33%), North America (26%), Asia Pacific (18%), Latin America (10%), Eastern Europe (4%), Middle East (4%), and Africa (4%).
The Global Digital Trust Insights Survey is formally known as the Global State of Information Security Survey (GSISS).
PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.