|Home>||Security||>Integrated Systems||>“Cyber security strategy reaching critical point for UK executives” states PwC report|
|Home>||Security||>IT Security||>“Cyber security strategy reaching critical point for UK executives” states PwC report|
|Home>||Security Matters||>Security Matters||>“Cyber security strategy reaching critical point for UK executives” states PwC report|
“Cyber security strategy reaching critical point for UK executives” states PwC report
11 November 2020
IN A wide-ranging survey of UK executives conducted by PwC, 96% of respondents admit that they’ve shifted their cyber security strategy due to COVID-19. 34% are accelerating digitisation, but only 38% are very confident that their cyber budget is allocated to the most significant cyber risks. 42% plan to increase their cyber team headcount.
Notably, the UK responses lag behind global findings in a number of key areas such as the importance of the Chief Information Security Officer (CISO) role, the return on cyber spend and the aforementioned headcount.
The increasing sophistication of cyber criminals coupled with the rapid shift towards digital technologies brought about by the COVID-19 pandemic has emphasised cyber security’s importance for both individual organisations and wider society alike.
PwC has launched its latest insight study into what’s changing and what’s next in cyber security. The findings are based on a survey of 3,249 business and technology executives from around the world, including 265 here in the UK.
Updating cyber strategy
An overwhelming 96% of UK respondents said that they will shift their cyber security strategy due to COVID-19, with half now suggesting they’re more likely to consider cyber security in every business decision. In addition, a third of UK respondents (34%, in fact) plan to accelerate their digitalisation plans due to COVID-19.
When asked what they see as being the most likely cyber events to impact their industry over the next 12 months, 58% of UK respondents cited an attack on cloud services followed by a ‘disruptionware’ attack on critical business services (52%) and a ransomware attack (50%).
At the global level, PwC’s research shows that the strategic focus on cyber security will lead to a more prominent role for the CISO. Two-fifths (43%) of global respondents agree that there will be more frequent interactions between the CISO and the CEO or the Board, but this number falls to 34% in the UK.
On that basis, more needs to be done to elevate cyber security conversations to UK Boardrooms. PwC suggests that this could be done by better aligning cyber risk with overall business strategy.
Low confidence in cyber budgets
The research finds that a majority of organisations lack confidence in their cyber spend. Just 38% of UK respondents are very confident their cyber budget is allocated to the most significant cyber risks compared to 44% globally. Similarly, only 36% of UK respondents are very confident they’re receiving the best return on their cyber spend versus 42% globally.
Despite this lack of confidence, 56% of UK respondents are planning to increase their cyber budgets in 2021.
Richard Horne, cyber security chair at PwC, commented: “It's surprising that so many organisations lack confidence in their cyber security spend. This shows that businesses need to improve their understanding of cyber threats and the vulnerabilities they exploit, while also changing the way they think about cyber risk such that it becomes an intrinsic part of every business decision.”
Hiring for the future
When asked whether they would be expanding their cyber security teams in 2020, 42% of UK respondents said they plan to increase their headcount compared to 51% globally. However, the research also unveils the fact that more than one fifth (22%) of UK organisations are planning to decrease the size of their cyber security team compared to 16% globally.
New hires in the UK are expected to possess more than just technical knowledge. When asked which cyber security skills are most in demand, UK respondents cited security intelligence (46%) and the ability to work with cloud solutions (40%) as the most important skills for new employees, closely followed by communication abilities (38%), project management (38%) and analytical skills (37%).
This last finding duly reflects the evolution of the industry, with cyber teams now required to work collaboratively with the rest of the business on developing a strategic and analytical approach towards cyber security.
Daisy McCartney, cyber security culture and behaviour lead at PwC, concluded: “As cyber security becomes a strategic priority, it follows that organisations should be hiring talent from more diverse backgrounds. Security teams need a mix of soft and technical skills coupled with business knowledge. This helps to improve collaboration with senior leaders and ensures that cyber security decisions support the organisation’s strategic goals.”
*Global Digital Trust Insights 2021: Cyber Security Comes of Age is based on PwC’s survey of 3,249 business and technology executives from around the world. To find out more about the UK scenario visit: www.pwc.co.uk/issues/cyber-security-services/insights/cyber-security-strategy-2021.html