To emerge sustainably, rethink cyber strategy and investment priorities

Digital Trust Insights Pulse Survey Findings 2020

Today, Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are adjusting to a different future

Launched in June 2020, PwC’s Digital Trust Insights Pulse Survey of 141 security and information leaders in the United States (US) provides a gauge of:

  • How organisations weathered this extreme test of resilience at the height of the COVID-19 pandemic, and
  • How businesses are rethinking their strategy and investments going forward

This is an extract of the survey report, highlighting key trends in the US that are also applicable to the Vietnam market.

Notable insights relevant to the Vietnam market are as follows:

  • Boards and C-suite executives, who in the past may have wondered about the return on investment for all the cybersecurity personnel, solutions and architectures, don’t anymore. The value of their cybersecurity expenditures over the years — and of the CISO’s leadership — became crystal clear during this crisis.
  • Investments in the past two to three years that paid off the most during the crisis were investments related to remote work, crisis management, and data-driven risk management.

Vietnam enterprises show similar investment trends in identifying and accessing management solutions, real-time threat intelligence capabilities and cloud adoption to facilitate distributed work locations.

Pho Duc Giang, Director, PwC Vietnam Cybersecurity Ltd.

Investments in the past two to three years that paid off the most during the crisis were not one-off security solutions

CISOs surveyed said they invested in eight different areas, on average, over the past two to three years. The ones that paid off the most during the crisis were investments related to three capabilities. Critical to the sudden large-scale shift to remote work were investments such as VPN, VDI, mobile device management, endpoint security and identity-based network architecture. Helpful for crisis management were investments in resilience capabilities, such as business continuity and disaster recovery planning and managed detection and response services. Investments in data-driven risk management — such as real-time threat intelligence, use of data analytics and quantification of cyber risk — were also helpful as information evolved quickly during the crisis.

Takeaway:

Was making the right investments just a matter of good luck, or was it due to foresight? The answer lies beyond the scope of this Pulse Survey. However, based on our 2019 Digital Trust Insights study, business-driven cybersecurity leads to cyber investments that are more likely to yield tangible returns.


What has been the impact of investments made in the past 2-3 years during the COVID-19 crisis to date? (Respondents who say “significantly positive or positive” impact)


Secure remote work

  • VPN
  • VDI
  • Identity-based network architecture
  • Modern mobile device management
  • Endpoint security solutions

Resilience and crisis management

  • Managed detection and response services
  • Business continuity and disaster recovery planning

Data-driven risk management

  • Real-time threat intelligence
  • Use of data analytics and AI
  • Quantification of cyber risk

Source: PwC, Digital Trust Insights Pulse Survey, June 2020: base of 141

CISOs saw cyber attacks soar since February 2020 and expect threats to remain elevated in the next six months

Cyber attacks increased in March and April, said more than half of the respondents. And about the same percentage expect an increase in intrusions over the next six months. See recent examples below.

  • A phishing outbreak spread as COVID-19 and the responses to it (government acts, stimulus and relief programs) provided fresh, highly effective topical lures for business email compromise and social engineering campaigns.
  • Remote work set-ups, accomplished quickly to enable business continuity, have brought increased exposure to threats. 

Takeaway:

Businesses demonstrated that they can quickly and smoothly shift their workforces from on-premise to remote. But many admit that they have much more to do to prove that their remote-work arrangements are secure.

The mix of remote work, on-site and managed services is here to stay. With distributed work, regardless of where the user or device is located, gaining access to your critical data and infrastructure is expected to follow the same strict and relentless authentication process.


Within your company, have you seen a change or expect a change in the incidence of attacks related to COVID-19? (Respondents who saw/expect an "increase")


Periods compared: since February 2020, and over the next 6 months.

  • Risks from use of non-enterprise devices and software (due to remote work)
  • Phishing attacks
  • Compliance and regulatory risks arising from moves to new models (e.g. telehealth, direct-to-consumer, etc.)
  • Risks coming through (inadequately secured) third parties
  • Access by non-credentialed users (due to remote work security gap)
  • Business email compromise
  • Ransomware
  • Denial of service attacks
  • Zero-day exploits

Source: PwC, Digital Trust Insights Pulse Survey, June 2020: base of 141

The pandemic has caused CISOs to rethink their cyber strategy and investment priorities

Takeaway:

Shifts in strategy and priorities are likely grounded in a better understanding of the extent of potential damage that could happen if businesses do not address certain gaps and vulnerabilities.

According to our PwC 2019 Digital Trust Insights study, an enterprise-wide information governance model or a common digital governance model is foundational for organisations that want to increase cloud adoption or shift to digital operating models. When in place, these models function as accelerators to help realise digitisation plans and achieve returns.


Based on what you have learned and experienced during the crisis, which of the following changes to your cybersecurity strategy, if any, are you planning to make? (Please rank up to three. Indexed score.)


  • Invest in better information governance for better data-driven decision-making
  • Integrate cyber risks more with the overall enterprise risk management
  • Increase my company's resilience to severe events
  • Integrate better on business initiatives
  • Modernize the cyber infrastructure
  • Apply AI and other more advanced technologies in our work
  • Quantify cyber risks better
  • Automate more processes in the cyber function
  • Increase my team’s digital skills

Source: PwC, Digital Trust Insights Pulse Survey, June 2020: base of 141

About the survey

This Digital Trust Insights Pulse Survey is a poll of 141 security and technology executives (CISOs, CIOs and similar titles) of US-based companies from May 8 to May 22, 2020. Sixty percent of respondents are executives in large companies ($1 billion and above in revenues); 13% are in companies with $10 billion or more in revenues. Respondents come from a range of industries: Tech, media, telecom (24%), Financial services (23%), Industrial manufacturing and automotive (19%), Consumer markets (17%), Health (12%), and Energy, utilities and mining (4%).  

Comparable statistics are drawn from 2019 Digital Trust Insights studies conducted with more than 3,000 business and IT executives around the world. 

The 2020 Global Digital Trust Insights, a survey of 3,000 business, security, risk, and tech executives around the world, will be conducted in July 2020.

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this Pulse Survey.


Get in touch

Pho Duc Giang

Director, Cyber Security and Privacy Services, PwC Vietnam

Tel: +84 28 3823 0796, ext. 1012

Yu Loong Goh

Director, IT Risk Assurance Services, PwC Vietnam

Tel: +84 28 3823 0796, Ext. 1007
