Decades after emerging from under IT’s wing, the cybersecurity profession has matured. Armed with the insight and foresight that only experience can provide; cybersecurity stands at a pivotal point for the industry, organizations and people it serves.
Amid the backdrop of COVID-19, PwC launches it’s latest installment in the Digital Trust Insights series – Global Digital Trust Insights 2021: Cybersecurity comes of age – insights into what’s changing and what’s next in cybersecurity. The report is gathered from a survey of 3,249 business and technology executives from around the world.
The feedback from survey respondents was focused on five key areas: updating cyber strategy, future proofing cyber teams, getting the most out of cyber budgets, investing to level the playing field against attackers, and building resilience.
Updating cyber strategy
An overwhelming 96% of the respondents, said they’ll shift their cybersecurity strategy due to COVID-19, with 50% now saying they are more likely now to consider cybersecurity in every business decision up from 25% last year. In addition, 51% of CEOs stated they are more likely to have frequent interactions with the Chief Information Security Officer (CISO). In the pandemic’s first three months, CEOs reported, their organizations were accelerating digitization at a surprising speed, advancing to year two or three of their five-year plans.
“Given the unprecedented impacts of COVID-19 – many organizations had to re-think and re-frame their cybersecurity strategies. The evolving role of a CISO and their importance to the organization has never been more critical to both its survival and growth. It is important for CISOs to balance the nuances of technology and business requirements, while supporting the organization in their cyber strategy,” said Sean Joyce, Global Cybersecurity, Privacy, and Forensics leader, PwC US.
Doing things faster and more efficiently is the top digital ambition for 29% of executives, while 31% are modernizing with new capabilities. More than one-third – 35% – say they’re speeding up automation to cut costs.
Help wanted! Future-proofing cyber teams
With 3.5 million cyber security jobs to be filled in 2021 – the one problem plaguing the cybersecurity industry is a lack of skilled workers. Fifty-one percent of executives in the survey said they plan to add full-time cybersecurity personnel over the next year, with more than 22% saying they will increase staffing by 5% or more.
The top roles executives are looking to fill: cloud solutions architects 43%, security intelligence 40%, and data analysis 37%. An alternative many organizations have used to fill job vacancies is ‘hiring from within,’ offering upskilling to increase existing workers’ skills in the same areas they’re hiring for: digital skills, business acumen, and social skills. A few organizations have started to rely on managed services to fill the acute need for deep talent and advanced technologies.
Rethinking cyber budgets
More than half of organizations, 55%, state that their cyber budget will be increasing rather than decreasing in 2021. While a larger budget for cybersecurity is good news, the industry should expect changes in the way they are being managed, going forward. More than half (55%) surveyed lack confidence that their cyber spending is allocated towards the most significant risks to the organization. Forty-four percent say that they’re thinking about changing their budgeting process, and 37% strongly agree that quantification of cyber risks can significantly improve the way they manage spending against risks. Nevertheless, more than one-third strongly agree that organizations can strengthen their cyber posture while containing costs — thanks to automation and rationalization of tech.
Leveling the playing field against cyber attackers
Innovation and technology are changing the way organizations are leveling the playing field against cyber attackers, with 43% percent of executives saying they’ve improved customer experiences, and are responding more quickly to incidents and disruptions. The top-ranked outcomes desired in the next 2-3 years are: increased prevention of successful attacks, faster response times to disruptions, improved confidence of leaders in ability to manage threats, and improved customer experience.
Results for the survey found that executives from large organizations ($1B+) are more likely to report benefits from making a strategic shift to advanced technologies and restructuring security operations. Respondents from the largest organizations ($10B+) were also more likely to report gains from using security models and technologies including Zero Trust, managed services, virtualization, and accelerated cloud adoption.
These findings suggest that investing in technologies, processes and capabilities, and people is critical to making meaningful headway against attackers. And they underscore the importance of a CISO who can play a transformational leader role.
In a year filled with many “first-evers” economic, public health, and cyber organizations, saw a surge in intrusions, ransomware, data breaches in health and educational institutions, and phishing. As a result, 40% of the executives surveyed said they plan to increase resilience testing to ensure critical business services will function even if a disruptive cyber event occurs.
“The next-gen security organization has a three-fold mission: build trust, build resilience, and accelerate innovation. In short, it’s going to be very different from most security organizations today,” said Sean Joyce.
The threat outlook for 2021: Internet of Things (IoT) and cloud service providers top the list of ‘very likely’ threats (mentioned by 33%), while cyber attacks on cloud services top the list of threats that will have ‘significantly negative impact’ (reported by 24%).