Cybersecurity has matured. With this conclusion, a new report PwC Digital Trust Insights 2021 begins. Decades after emerging from the IT’s wing, cybersecurity today stands at a critical, exciting moment for the entire industry, organizations, and people it serves. What is changing now, and what will happen next? Experts have asked this question and got feedback from 3249 business and technology executives around the world.
Based on the survey results, PwC identified five key areas: updating cyber strategy, maximizing the benefits of cyber budget, investing in every advantage to level the playing field with attackers, increasing cyber resilience, and taking a proactive approach to team building.
- Cyber strategy Update
Considering the pandemic impact, many organizations had to review and rethink their cybersecurity strategies. This situation pushed most of them to quickly implement their “digital” plans scheduled for the next three to five years. The future has already come: digital health care, industrial automation and robotics, advanced e-commerce, customer service chatbots, virtual reality-based entertainment, cloud-based kitchens, fintech, and much more.
The vast majority (96 percent) of CEOs said they had changed their cybersecurity strategy due to COVID-19. Half of the respondents say they are now more likely to consider cybersecurity in every subsequent business decision. Last year this number was 25%. Interestingly, 51% of CEOs understood the importance of more frequent interaction with information security directors (CISO).
The main digital ambition of 29% of CEOs in 2020 is to make quick and effective decisions. At the same time, 31% of the respondents said that it is a key not to miss out on new digital opportunities. More than one third (35%) of CEOs say they are speeding up automation to reduce costs.
The pandemic has become a turning point for cybersecurity and CISO. With large-scale and rapid business digitization, a cyber strategy is a vital first step for further interaction between business and cybersecurity leaders. CISO’s role in the company is expanding. That affects how the organization creates cyber budges, invests in security solutions, builds sustainability plans, and strengthens the perimeter. This approach will determine whether CISO can become digital trust managers able to safely lead their organizations into the new digital age and combine business values with cybersecurity.
- Extract maximum benefit from the cyber budget
The economics of cybersecurity requires transformation. Today it mainly focuses on the cost side (compliance, etc.). That must change, given the reboot of the cyber strategy. As now we should take cybersecurity into account in every business decision, the cyber project budgets will combine with the companies’ budgets in a strategic, risk-oriented perspective.
Cyber project cost and its importance will be calculated from the risk reduction point of view. That will help to compare values for cyber investments and prioritize them. Quantitative valuation also makes it easier to measure the value of the overall cyber investment portfolio compared to business objectives. This approach will become increasingly popular, especially as markets and regulators require managers and board members to take greater responsibility for cybersecurity and privacy.
More than half of organizations (55 percent) say their cyber budget will increase, not decrease, in 2021. Increasing the cyber budget is good news, but the main thing is how it will be managed. 55% of respondents are not sure that their spending on cybersecurity will cover the most significant risks for the organization. Forty-four percent of respondents say they think about changing the budget process, and 37 percent fully agree that a quantitative assessment of cyber threats can significantly improve the way costs are managed in comparison with risks. However, more than a third fully agree that organizations can strengthen their position in the cyber arena while limiting costs through automation and technology rationalization.
- Investing in every advantage to level the playing field with attackers
Innovation and technology give companies an advantage in the fight against cybercriminals. Cyber startups today are developing rapidly, launching IPO, and attracting multimillion rounds of investments, which cannot but affect the balance of power. 43% of executives say they have improved the quality of customer service and are quick to respond to incidents and disruptions. Over the next two to three years, priorities will include better prevention of successful attacks, faster response to disruptions, effective threat management, and improved customer service.
The existing solution set has enabled the company to move to Zero Trust architecture, real-time threat intelligence, optimization and automation of security systems, identity and access management, and other advanced technologies – mainly due to the three-fold growth of cloud services.
The study found that the larger the company, the more likely it is to claim the benefits of a strategic shift to advanced technologies and restructuring security operations. This data shows that investments in technology, processes, and capabilities, as well as people, are critical to achieving meaningful results in the fight against cybercriminals. Of course, larger organizations with more resources are using new technologies more often to fight cybercriminals. But as technologies become more available and models improve, small and medium enterprises can also benefit.
Cloud technologies are worth mentioning separately. Companies are quickly moving their operations (75 percent) and security (76 percent) to the cloud. They are moving away from static, insecure old systems to more dynamic, flexible, integrated cloud/network systems that are protected by default.
More than a third (35 percent) of executives fully agree that the move to the cloud is fundamental to the next generation of business solutions. And 36 percent agree that existing approaches to cloud infrastructure security are better than ever before.
- Enhancing Cyber Resistance
The probability of cyberattacks in 2020 is higher than ever. This year brought us a lot of cases of hacking, ransom, and data leaks, as well as an increase in the number of phishing. As a result, 40 percent of executives plan to increase the volume of sustainability testing to ensure that business-critical functions run smoothly in the face of an unanticipated scenario.
Experts asked CEOs to assess the likelihood of cyber threats affecting their industry and their impact on organizations in the coming year. Internet of Things and cloud service providers top the list of “very likely” threat vectors (33%). Cyber-attacks on cloud services top the list of threats that will have the “greatest negative impact” (24 percent).
55% of respondents assume that their cloud service provider is likely to be exposed to threats next year, and 45% believe that the consequences of such an attack will be negative or very negative.
- A proactive approach to team building
There is only one problem with the cybersecurity labor market – the lack of qualified workers. PwC says that in 2021 it is planned to close 3.5 million jobs. Recent studies show that the U.S. alone has 50 percent fewer candidates than required.
Fifty-one percent of executives surveyed said they plan to increase full-time cybersecurity staff over the next year, with more than 22 percent saying they will increase staff by 5 percent or more. Top jobs in demand include cloud architects (43 percent), security professionals (40 percent), and data analysts (37 percent). An alternative that many organizations use to close vacancies is to upgrade existing employees.
In addition to technical skills, managers (40%) pay attention to analytical skills (47%), communication skills (43%), critical thinking (42%), and creativity (42%) when hiring. Shaping the future of cybersecurity that keeps pace with business involves hiring people who are willing to work in collaboration with others to solve new, undiscovered problems and analyze information.