In light of the escalating frequency and magnitude of cybersecurity breaches, cybersecurity has become a priority for organisations and boards of all sizes. Gartner projects that 40 per cent of boards of directors globally will have a cybersecurity committee overseen by a qualified member by 2025, up from less than 10 per cent today. There is now a huge boardroom demand for cybersecurity experts.
The long-term damage of a cyberattack to the value and reputation of an organisation is incalculable, and that is why today, many boards seek members with cybersecurity knowledge and expertise.
As a profession, cybersecurity has matured after decades under the IT wing. In the hands of those with experience, cybersecurity is poised to become a pivotal point for the boards, organisations, and individuals it serves.
Amid the backdrop of COVID-19, PwC’s report Global Digital Trust Insights 2021: Cybersecurity comes of age examines what’s changing and what’s next in cybersecurity.
This report is based on a survey of 3,249 business and technology executives around the world.
Respondents to the survey focused on five key areas:
- Updating cyber strategy
- Future-proofing cyber teams
- Maximising cyber budgets
- Levelling the playing field against attackers
- Building resilience
The report also found that:
- 96% of executives have shifted their cybersecurity strategy due to COVID-19
- 40% of executives say they’re accelerating digitisation
- 3.5 million cyber jobs waiting to be filled worldwide
- 55% of respondents lack confidence their cyber spending is allocated towards the most significant risks
‘The next-gen security organisation has a three-fold mission: build trust, build resilience, and accelerate innovation. In short, it’s going to be very different from most security organisations today.’ Sean Joyce
Updating cyber strategy
96% of the respondents said they will change their cybersecurity strategy due to COVID-19, with 50% indicating they will now consider cybersecurity in every business decision, up from 25% last year.
Additionally, 51% of CEOs and boards said they had more frequent interactions with the chief information security officer (CISO).
Following the pandemic, CEOs reported that their organisations had accelerated digitisation at a surprising speed, advancing to year two or three of their five-year plans.
“Given the unprecedented impacts of COVID-19, many organisations had to rethink and re-frame their cybersecurity strategies. The evolving role of a CISO and its importance to the organisation has never been more critical to its survival and growth. It is important for CISOs to balance the nuances of technology and business requirements while supporting the organisation in their cyber strategy,” said Sean Joyce, global cybersecurity, privacy, and forensics leader, PwC US.
29% of business leaders say their top digital ambition is doing things faster and more efficiently, while 31% seek to modernise with new capabilities. 35% of respondents say automation is speeding up to cut costs.
‘Over half (55%) of the respondents do not believe their cyber expenditures are focused on those threats that pose the most significant risk to the organisation.’ PWC
Future-proofing cyber teams and boards
In 2021, there will be 3.5 million available jobs in cybersecurity. Still, the main obstacle to a thriving cybersecurity industry is a lack of skilled workers and experts, particularly at the board level.
The survey found that 51 per cent of executives planned to hire full-time cybersecurity personnel in the next year; 22% said they would increase staffing by at least 5%.
Executives want to fill the following roles: cloud solution architects 43%, security intelligence 40%, and data analysis 37%.
One alternative many organisations have used to fill job vacancies is ‘hiring from within,’ up-skilling existing workers to increase their skills in the same areas they are hiring for: digital skills, business acumen, and interpersonal skills.
Few organisations are relying on managed services to meet their acute need for talent and advanced technology.
Rethinking cyber budgets
According to 55% of organisations, their cyber budget will increase rather than decrease in 2021.
As cybersecurity budgets increase, the industry should expect changes in how they are managed in the future.
- Over half (55%) of the respondents do not believe their cyber expenditures are focused on those threats that pose the most significant risk to the organisation.
- 44% of respondents say they are considering making changes to their budgeting process.
- In comparison, 37% say that quantifying the cost of cyber risks will improve their spending to protect themselves.
- However, more than one-third of respondents agree that automation and rationalisation of tech will strengthen a company’s cyber posture while keeping costs low.
Levelling the playing field against cyber attackers
The survey found that executives from large organisations with revenues of $1 billion or more were more likely to report benefits from adopting advanced technologies and restructuring security operations. Companies with incomes over $10B were more likely to report using security models and technologies such as Zero Trust, managed services, virtualisation, and accelerated cloud adoption.
To make meaningful progress against attackers, investing in technologies, processes, and people is crucial. Additionally, this highlights the importance of CISOs who are capable of acting as transformational leaders.
Building resilience and the boardroom demand for cybersecurity experts
A year filled with many “first-evers” in economic, public health, and cyberspace saw increased intrusions, ransomware, breaches of health and educational institutions, and phishing.
Accordingly, 40% of executives surveyed said they plan to increase resilience testing to ensure critical business functions will function even in a disruptive cyber event.
“The next-gen security organisation has a three-fold mission: build trust, build resilience, and accelerate innovation. In short, it’s going to be very different from most security organisations today,” says Sean Joyce.
The threat of a cyberattack remains a formidable one.
Note to readers
Cybersecurity comes of age: Global Digital Trust Insights 2021 based on PwC’s survey of 3,249 business and technology executives from around the world. To download the full report, go here.