Most UK companies will pivot their cybersecurity strategy as the pandemic begins to slow, according to new research.
A report from PwC shows that of 256 business and technology executives surveyed, 96% have changed their tactics. Similarly, 50% of organisations state that cybersecurity will become part of every future business decision.
One-third (34%) say they plan to accelerate digitalisation plans due to the virus, while the same number will implement homeworking for the foreseeable future. In the past, many UK organisations have failed to adopt effective cybersecurity strategies – and data indicates that a major factor is a lack of confidence in cyber budgets.
The PwC research indicates that just 38% of UK organisations are “very confident their cyber budget is allocated to the most significant cyber risks”, compared to 44% globally. Meanwhile, only 36% are “very confident” they are getting the best return on their cyber spend versus 42% globally.
PwC suggests that to improve their return on cyber spending, organisations “should better align their budget to the most serious risks and threats.”
“Our research shows this is already on the agenda for a majority of businesses – 71% of UK respondents agreed that by quantifying cyber risks, their organisation can improve their ability to manage overall risks against spending,” the report states.
CISOs, too, have a role to play in cybersecurity management. More than a quarter (27%) of respondents said that a CISO’s primary role should be as “a transformational leader,” compared to 20% among global respondents.
On the importance of CISOs in business cybersecurity, and the potential issues they may face in that role, cybersecurity specialist Jordan Schroeder said: “Cyber risk is an inherently tricky type of business risk to address, so it is not surprising that the PwC report highlights this.
“Cyber risks are highly technical, they evolve at light speed, and they adapt to the organisation’s efforts to mitigate them. Business leaders can feel unequipped to make the right decisions, and then disheartened when the risks materialise despite their efforts.
“But this is where a business-focused CISO is invaluable. Cyber risk is a dance with an ever-changing tune. A CISO can lead that dance and ensure that the right risks are being treated the right way in order that business goals can be met throughout the year.”
Schroeder continues: “Covid-19 has resulted in a sudden jolt in how organisations do business and a leap in evolution in how the new business is supported. Before, organisations could maintain the old mindset that, because we are all physically in the same office, IT and digital technology is an add-on to how we do business.
“Now, there is far greater recognition that the business IS digital, and fortunately, business leaders are bringing security along with it. This is great news for everyone.”
When asked about staff hiring to combat cyber threats, 42% of surveyed organisations say they plan to increase their headcount, with new starts expected to “possess more than just technical knowledge”.
Security intelligence (46%) and working with cloud solutions (40%) are cited as the most important skills, followed closely by communication (38%), project management (38%) and analytical skills (37%).
Daisy McCartney, Cyber Security Culture and Behaviour Lead at PwC, said: “As cybersecurity becomes a strategic priority, organisations should be hiring talent from more diverse backgrounds.
“Security teams need a mix of soft and technical skills coupled with business knowledge – this helps improve collaboration with senior leaders and ensures that cybersecurity decisions support the organisation’s strategic goals.”
A study carried out by Hiscox in June, the height of the pandemic, indicated that UK firms saw a six-fold increase in cybersecurity losses in the 2020 period. However, the data also showed that business leaders and CISOs were carrying out “more rigorous security measures and higher spending” on cybersecurity, including increasing employee training and budgets.