COVID has redefined approach to cyber risks – survey

Firms and individuals have increased their focus on cyber security due to the impact of the COVID pandemic but there are still significant gaps and uncertainty in many firms.

PwC has issued its latest survey into attitudes to cyber risk, which found that the increasing sophistication of cyber criminals, coupled with the rapid shift to digital technologies brought about by the coronavirus pandemic, has emphasised cyber security’s importance for both individual organisations and wider society.

It also found that there is a clear move towards the need for new skillsets within firms to effectively provide the necessary cyber resilience to meet the changing nature of the risks firms face.

The firm surveyed 3,249 business and technology executives from around the world, in an effort to understand their attitudes to cyber risk.

It found an overwhelming 96% of UK respondents said that they will shift their cyber security strategy due to COVID-19, with half now saying they are more likely to consider cyber security in every business decision. In addition, a third of UK respondents (34%) plan to accelerate their digitalisation plans due to COVID-19.

When asked what they saw as being the most likely cyber events to impact their industry over the next 12 months, 58% of UK respondents cited an attack on cloud services, followed by a disruptionware attack on critical business services (52%) and a ransomware attack (50%).

At a global level, PwC’s research showed that the strategic focus on cyber security will lead to a more prominent role for the chief information security officer (CISO). Two-fifths (43%) of global respondents agree that there will be more frequent interactions between the CISO and CEO or board, but this falls to 34% in the UK.

“This shows that more needs to be done to elevate cyber security conversations to UK boardrooms, and this could be done by better aligning cyber risk to business strategy,” the research warned.

It found that a majority of organisations lack confidence in their cyber spend. Just 38% of UK respondents are very confident their cyber budget is allocated to the most significant cyber risks, compared to 44% globally. Similarly, only 36% of UK respondents are very confident they are getting the best return on their cyber spend versus 42% globally. Despite this lack of confidence, 56% of UK respondents are planning to increase their cyber budgets in 2021.

Richard Horne, Cyber Security Chair, PwC said: “It’s surprising that so many organisations lack confidence in their cyber security spend. It shows businesses need to improve their understanding of cyber threats and the vulnerabilities they exploit, while changing the way they think about cyber risk so it becomes an intrinsic part of every business decision.”

Looking to the future, when asked whether they would be expanding their cyber security teams in 2020, 42% of UK respondents said they plan to increase their headcount, compared to 51% globally. However, the research also found that more than a fifth (22%) of UK organisations are planning to decrease the size of their cyber security team, compared to 16% globally.

New hires in the UK are expected to possess more than just technical knowledge. When asked which cyber security skills were most in demand, UK respondents cited security intelligence (46%) and the ability to work with cloud solutions (40%) as the most important skills for new employees, closely followed by communication (38%), project management (38%) and analytical skills (37%).

“This reflects the evolution of the industry, with cyber teams now required to work collaboratively with the rest of the business to develop a strategic, analytical approach to cyber security,” said the study.

Daisy McCartney, Cyber Security Culture and Behaviour Lead, PwC said: “As cyber security becomes a strategic priority, organisations should be hiring talent from more diverse backgrounds. Security teams need a mix of soft and technical skills coupled with business knowledge – this helps improve collaboration with senior leaders and ensures that cyber security decisions support the organisation’s strategic goals.”