Executives to invest more in cyber security capabilities in 2021

23 November 2020 Consultancy.uk
Profile
More news on

As the rapid digitalisation of work brought on by Covid-19 opens doors to cyber-criminals across the world, more than half of all companies are planning to increase cyber security spending in 2021. However, according to a new study, more than one-fifth of British organisations are planning to downsize their cyber team in the coming 12 months.

The lockdown brought in to fight the Covid-19 pandemic saw companies become more reliant on decentralised digital operation systems than ever before – something many of them were not prepared for in terms of becoming exposed to cyber-attacks. A recent study found that 65% of organisations in the UK alone have either been breached or exposed to an attack. Meanwhile, only 42% said they were “well prepared” for moving to remote working, compared to 45% who were “somewhat prepared” and 13% who were not prepared at all – leaving more than half of all firms at least moderately under threat.

The sudden shift towards home working in the lockdown has emphasised cyber security’s importance for both individual organisations and wider society, then. Amid the increasing sophistication of cyber criminals, and the rapid shift to digital technologies brought about by the coronavirus, PwC has launched its latest insights into what’s changing and what’s next in cyber security.

Threats, actors, and events: relative likelihood and impactBased on a survey of 3,249 business and technology executives from around the world, including 265 in the UK, IoT and cloud service providers top the list of ‘very likely’ threat vectors in the coming 12 months. They were mentioned by 33%, , while cyber-attacks on cloud services were found to be the most likely threats to have a significantly negative impact – as noted by 24% of those polled.

UK respondents were even more pessimistic on the situation, with 58% citing an attack on cloud services, followed by a disruptionware attack on critical business services at 52%, and a ransomware attack at 50%. Perhaps this is why Uk executives came across as so much keener to upgrade their cyber defences. Around 40% of executives in the global survey planned to increase resilience testing to ensure that, if a disruptive cyber event occurs, their critical business functions will stay up and running – but 96% of UK respondents said that they will shift their cyber security strategy due to Covid-19.

More are increasing cyber budgets than decreasing them in 2021

Unsurprisingly, cyber budgets are increasing across the board for the coming year. In 2021, with 55% of those polled said they were increasing their spending in the area in 2021 – even as 64% of executives expect business revenues to decline. If that forecast does come true, and the global economy struggles in 2021, a cyber breach could be the death of many firms. However, such is the dire situation at many firms that more than a quarter of respondents will be downsizing their spending, leaving cyber teams to do more with less, while 13% will have to make do with static budgets.

In the UK, meanwhile, PwC found that the majority of organisations lack confidence in their cyber spend – indicating that there could be trouble ahead for cyber teams when cost cutting programmes are needed. Just 36% of UK respondents are very confident they are getting the best return on their cyber spend versus 42% globally – and while a higher than average 56% of UK respondents are planning to increase their cyber budgets in 2021, this might well fall depending on just how bad things get for the British economy in its first year outside of the European Union.

More than half of businesses are expanding their cybersecurity teams

The increased spending on cybersecurity includes ramped up recruitment for personnel over the coming year. According to PwC, 51% of executives plan to add full-time cybersecurity personnel over the next year. Globally, top roles which will be in demand relate to cloud solutions – which as mentioned is a major area of concern at present – at 43%, security intelligence at 40%, and data analysis at 37%. Interestingly, however, UK respondents seem much more reserved when it comes to hiring. Just 42% of UK respondents said they plan to increase their headcount, and 22% of UK organisations are actually planning to decrease the size of their cyber security team, compared to 16% globally.

Richard Horne, Cyber Security Chair, PwC said, “It's surprising that so many organisations lack confidence in their cyber security spend. It shows businesses need to improve their understanding of cyber threats and the vulnerabilities they exploit, while changing the way they think about cyber risk so it becomes an intrinsic part of every business decision.”