Cybersecurity evolves rapidly to address challenges of new technologies, talent scarcity and the need for resilience and innovation

• _{96% of executives have shifted their cybersecurity strategy due to COVID-19}
• _{40% of executives say they’re accelerating digitisation}
• _{3.5 million cyber jobs are waiting to be filled worldwide}
• _{55% of respondents lack confidence their cyber spending is allocated towards the most significant risks}

Brussels, 15 October 2020 – The cybersecurity profession has matured and stands at a pivotal point for the organisations and people it serves. Against the background of COVID-19, PwC has launched its Global Digital Trust Insights 2021: Cybersecurity Comes of Age, which brings together insights from 3,249 business and technology executives worldwide into what’s changing and what’s next in cybersecurity. The survey focuses on five key areas: updating cyber strategy, future-proofing cyber teams, getting the most out of cyber budgets, investing to level the playing field against attackers, and building resilience.

Updating cyber strategy - from cyber security to digital trust

An overwhelming 96% of the respondents worldwide said they’re shifting their cybersecurity strategy due to COVID-19, with 50% now saying they are more likely now to consider cybersecurity in every business decision, up from 25% last year. In addition, 40% of Western European CEOs stated they are more likely to have frequent interactions with the Chief Information Security Officer (CISO). In the pandemic’s first three months, CEOs reported their organisations were accelerating digitisation at a surprising speed, advancing to year two or three of their five-year plans. Doing things faster and more efficiently is the top digital ambition for 28% of executives in Western Europe, while 32% are modernising with new capabilities. Almost one third (31%) of Western European respondents say they’re speeding up automation to cut costs.

 “As a result of the unprecedented impact of COVID-19 many organisations have had to re-think and re-frame their cybersecurity strategies,” says Ingvar Van Droogenbroeck, Partner and cybersecurity leader at PwC Belgium. “The evolving role of the CISO and their importance to the organisation has never been more critical to both its survival and growth. It’s important for CISOs to carefully balance technology and business requirements, while supporting the organisation in its cyber strategy.”

 Help wanted: future-proofing cyber teams through hiring, upskilling and managed services

With 3.5 million cyber security jobs to be filled worldwide in 2021, one problem plaguing the cybersecurity industry is a lack of skilled workers. 47% of Western European executives in the survey said they plan to add full-time cybersecurity personnel over the next year, with more than 18% saying they will increase staffing by 5% or more.

 The top roles executives worldwide are looking to fill: cloud solutions architects 43%, security intelligence 40%, and data analysis 37%. An alternative many organisations have used to fill job vacancies is ‘hiring from within,’ offering upskilling to increase existing workers’ skills in the same areas they’re hiring for: digital skills, business acumen, and social skills. Managed services can also be a solution. They not only help avoid technology investment costs, but also the risks that legacy technology poses, including the need for constant upgrades.

An overwhelming majority — 91 percent — of Western European executives use or plan to use managed services. 15% say they’re already realising benefits from managed services, 27% have implemented them at scale, while 31% are starting to use them, and 18% plan to do so.

 Raising confidence in cyber budget decisions

Half of Western European organisations (50)%, state that their cyber budget will be increasing rather than decreasing in 2021. While a larger budget for cybersecurity is good news, the industry should expect changes in the way they are being managed, going forward.  Worldwide, more than half (55%) of those surveyed lack confidence that their cyber spending is allocated towards the most significant risks to the organisation. 44% say that they’re thinking about changing their budgeting process, and 37% strongly agree that quantification of cyber risks can significantly improve the way they manage spending against risks. Nevertheless, more than one third strongly agree that organisations can strengthen their cyber posture while containing costs — thanks to automation and rationalisation of technology.

 Levelling the playing field against cyber attackers

Innovation is changing the cybersecurity game, giving new advantages to defenders and levelling the playing field with attackers. And the existing array of cyber solutions has matured, enabling a shift to Zero Trust architectures, real-time threat intelligence, security orchestration and automation, advanced endpoint protection, identity and access management, and other advanced technologies — prompted in large part by a threefold growth in cloud services worldwide.

 In our Global DTI 2021 survey, we looked at 25 new cybersecurity approaches and practices and tracked the measures on which organisations say they’ve made significant progress. The findings suggest that investing in technologies, processes and capabilities, and people is critical to making meaningful headway against attackers. And they underscore the importance of a CISO who can play a transformational leader role.

 Building resilience

In a year filled with many “first-evers”, financial, public health, and cyber organisations reported a surge in intrusions, ransomware, data breaches in health and educational institutions, and phishing. As a result, 39% of the Western European executives surveyed said they plan to increase resilience testing to ensure critical business services will function even if a disruptive cyber event occurs.

 “The next-gen security organisation has a three-fold mission: build trust, build resilience, and accelerate innovation. In short, it’s going to be very different from most security organisations today,” commented Ingvar Van Droogenbroeck, Partner in PwC Belgium’s cybersecurity practice. “This will be particularly challenging given the outlook in terms of threat vectors, events and actors. Our range of vulnerabilities continues to rise, driven by successive waves of technological change that organisations are embracing, such as IoT and the cloud. Combined with this, the number of threat actors and the types of attacks we can expect means that we’re asking our cybersecurity teams to leap forward in terms of evolution. That in turn will mean investing in people and technology, and having a deep understanding how information security risk impacts broader enterprise risk.”  

 The threat outlook for 2021: cloud service providers and social engineering top the list of likely threats in Western Europe, while attacks on cloud services and ransomware breaches cited as the most likely incidents. Cybercriminals and hackers continue top the list of likely threat actors as well as the actors expected to do the most damage.

About the Digital Trust Insights survey

“Cybersecurity comes of age: Global Digital Trust Insights 2021” is based on PwC’s survey of 3,249 business, technology, and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs, and C-Suite officers) conducted in July and August 2020. 1,096 respondents (34%) are from Western Europe.

 Respondents worldwide operate in a range of industries: tech, media, telecom (22%); retail and consumer markets (20%); financial services (19%); industrial manufacturing (19%); health (8%); and Energy, utilities, and resources (8%). In terms of revenue, in Western Europe 52% of respondents’ companies had revenues of less than USD 1 billion, and 48% had revenues over USD 1 billion. Only 8% had revenues of less than USD 250 million. In terms of employees, 69% employed over 1,000 people.

 Download the full report here.

Contact

Erik Oosthuizen

[email protected]

0474 56 42 76

www.pwc.com