Cyber strategy hits critical point

Editorial Type: Research Date: 2021-03-01 Views: 40 Tags: Security, Cyber Security, Cyber-Crime, Covid-19, Ransomware, PwC, Innovate UK, BlackDice PDF Version:
Cyber security has never had more relevance, when set against a burgeoning backdrop of challenges that will undoubtedly continue to vex organisations in the year ahead

The increasing sophistication of cyber criminals, coupled with the rapid shift to digital technologies brought about by the coronavirus (COVID-19) pandemic, has emphasised cyber security's importance for both individual organisations and wider society. Amidst this backdrop, the professional services network firm PwC has launched its latest insights into what's changing and what's next in cyber security. The findings are based on a survey of 3,249 business and technology executives from around the world, including 265 in the UK.

An overwhelming 96% of UK respondents said that they will shift their cyber security strategy, due to COVID-19, with half now saying they are more likely to consider cyber security in every business decision. In addition, a third of UK respondents (34%) plan to accelerate their digitalisation plans, on account of COVID-19.

Daisy McCartney, PwC: security teams need a mix of soft and technical skills, coupled with business knowledge.

When asked what they saw as being the most likely cyber events to impact their industry over the next 12 months, 58% of UK respondents cited an attack on cloud services, followed by a disruptionware attack on critical business services (52%) and a ransomware attack (50%).

At a global level, PwC's research showed that the strategic focus on cyber security will lead to a more prominent role for the chief information security officer (CISO). Two-fifths (43%) of global respondents agree that there will be more frequent interactions between the CISO and CEO or board, but this falls to 34% in the UK. This shows that more needs to be done to elevate cyber security conversations to UK boardrooms, says PwC, and this could be achieved by better aligning cyber risk to business strategy.

The research found that a majority of organisations lack confidence in their cyber spend. Just 38% of UK respondents are very confident their cyber budget is allocated to the most significant cyber risks, compared to 44% globally. Similarly, only 36% of UK respondents are very confident that they are getting the best return on their cyber spend versus 42% globally. Despite this lack of confidence, 56% of UK respondents are planning to increase their cyber budgets in 2021.

Richard Horne, cyber security chair, PwC, comments: "It's surprising that so many organisations lack confidence in their cyber security spend. It shows businesses need to improve their understanding of cyber threats and the vulnerabilities they exploit, while changing the way they think about cyber risk, so it becomes an intrinsic part of every business decision."

Richard Horne, PwC: surprising so many organisations lack confidence in their cyber security spend.

When asked whether they would be expanding their cyber security teams in 2020, 42% of UK respondents said they plan to increase their headcount, compared to 51% globally. However, the research also found that more than a fifth (22%) of UK organisations are planning to decrease the size of their cyber security team, compared to 16% globally.

New hires in the UK are expected to possess more than just technical knowledge. When asked which cyber security skills were most in demand, UK respondents cited security intelligence (46%) and the ability to work with cloud solutions (40%) as the most important skills for new employees, closely followed by communication (38%), project management (38%) and analytical skills (37%). This reflects the evolution of the industry, states PwC, with cyber teams now required to work collaboratively with the rest of the business to develop a strategic, analytical approach to cyber security.

Daisy McCartney, cyber security culture and behaviour lead at PwC, argues that, as cyber security becomes a strategic priority, organisations should be hiring talent from more diverse backgrounds. "Security teams need a mix of soft and technical skills, coupled with business knowledge - this helps improve collaboration with senior leaders and ensures that cyber security decisions support the organisation's strategic goals."

Meanwhile, cyber attacks may soon be spotted and blocked before they even have a chance to wreak havoc in organisations' operations, according to cyber security firm BlackDice, which is developing the machine learning and predictive analytics designed to forecast and protect against cyber attacks, following a £100,000 grant from Innovate UK, the UK's innovation agency's Sustainable Innovation Fund. The objective is to help all UK sectors rebuild after the effects of COVID-19.

BlackDice applied for the grant on 1 September 2020 and will use the funding to develop machine learning in predictive analytics, allowing the technology to forecast cyber-attacks before they happen. Telecom operators will have the ability to watch attack scenarios to help them understand external activity, which is a key indicator of the internet and behaviour data from BlackDice's device network.

Paul Hague, BlackDice: aim is to protect devices and networks from rising threat of cyber-attacks.

Innovate UK will be investing up to £191 million to fund single and collaborative research and development projects through its Sustainable Innovation Fund over the next two years. The programme will fund 1,103 projects, 1,189 businesses, with a total of more than £130 million in support for the UK.

"These funds feed directly into BlackDice's 2021 plans for software development," says Paul Hague, CEO of BlackDice. "The funds will help to provide state-of-the-art preventive vaccine technology, which helps to protect devices and networks from the rising threat of cyber-attacks. 2020 has been a challenging year for telecommunication operators, and this grant shows the importance of cyber security solutions and how they can keep customers' data safe from harm."

In a wide-ranging PwC survey of UK executives, 96% say they have shifted their cyber security strategy, due to COVID-19:
  • 34% state that they are accelerating digitisation
  • Only 38% are very confident their cyber budget is allocated to the most significant cyber risks
  • 42% plan to increase cyber team headcount.
However, the UK responses lag somewhere behind global findings in a number of key areas, states PwC, such as the importance of the CISO role, return on cyber spend and headcount.