Digital Trust Insights 2021
The 2021 Global Digital Trust Insights survey of 3,249 business, technology, and security executives, including 100 from Australia, looks at how cyber execs are responding to keep businesses safe.
Decades after emerging from under IT’s wing, the cybersecurity profession has matured. Armed with the insight and foresight that only experience and wisdom can provide, cyber stands at a critical, pivotal, exciting time for the industry and the organisations and people it serves.
In the initial three months of the COVID-19 pandemic, 39% of Australian CEOs reported their organisations accelerated digitisation plans, with 40% of executives saying their primary focus for this acceleration is growth — perhaps taking on business strategies they hadn’t imagined before.
Their digital ambitions have skyrocketed. 27% are changing their core business model and redefining their organisations, compared with 21% globally, while 18% are breaking into new markets or industries. Both categories have doubled since our survey last year.
Speed and efficiency in operations is the top digital ambition for 29% of executives, while 31% are modernising with new capabilities. More than one-third (35%) say they’re speeding up automation to cut costs, which is no surprise at a time when revenues are down.
Nearly all (96%) say they’ll adjust their cybersecurity strategy due to COVID-19. Half are more likely now to consider cybersecurity in every business decision — that’s up from 25% in our survey last year.
New times also call for new CISO leadership modes. 40% of executives say they need the CISO to be a transformational leader (20%) or an operational leader and master tactician (20%). These roles are encompassing and call for the multifaceted expertise that CISOs have built.
55% of technology and security executives in our Australian DTI 2021 survey plan to increase their cybersecurity budgets, with 51% adding full-time cyber staff in 2021. Clearly, cybersecurity is more business-critical than ever before.
More than half (55%) of respondents lack confidence that cyber spending is aligned to the most significant risks with 55% believing that their budget is not placed to provide the best ROI when it comes to remediation, risk mitigation and/or response techniques — and if a severe cyber attack took place? Over half (55%) say they wouldn’t have the budget to cover this expense.
Cyber budgets could — and should — link to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way, but 53% lack confidence that their current process does this.
And with regard to preparedness for future risks, executives are not confident that cyber budgets provide adequate controls over emerging technologies (58%). With confidence lagging in the process used to fund cybersecurity, executives say it’s time for an overhaul. 44% say they’re trying new budgeting processes, and considering how best to convince the CEO and board to assign needed funds. Nevertheless, more than one-third strongly agree that organisations can strengthen their cyber posture while containing costs — thanks to automation and rationalisation of tech.
The existing array of cyber solutions has matured, enabling real-time threat intelligence, security orchestration and automation, advanced endpoint protection, identity and access management, and other advanced technologies — prompted in large part by a threefold growth in cloud services.
Early switchers have taken advantage of these developments. But, more important, they’re investing in the classic digital transformation trifecta — people, processes, and technologies — to close the wide lead that attackers have long held. Of the 25 new cybersecurity approaches surveyed in Australia between 15% and 19% of executives say they’re already benefiting from some of these new practices.
Companies are rapidly moving their operations (75%) and security (76%) to the cloud. They’re doing away with static, inherently insecure legacy systems in favor of more dynamic, nimble integrated cloud/network systems that are secure by design.
35% of executives strongly agree that moving to the cloud is foundational for the next generation of business solutions for their organisation. And 36% strongly agree that new solutions exist to secure cloud infrastructures better than they have ever been in the past.
The likelihood of cyberattack is greater in 2020 than ever before. We asked executives to rank the likelihood of cyber threats affecting their industry, and the impacts on their organisations, over the coming year. IoT and cloud service providers top the list of ‘very likely’ threat vectors (mentioned by 33%), while cyber attacks on cloud services top the list of threats that will have ‘significantly negative impact’ (reported by 24%).
Accelerated and increased digitisation means a larger presence for a digital attack and potential for harm to the business. Most likely to occur in the next year and potentially most damaging, survey respondents said, are attacks on cloud services, disruptionware affecting critical business services (operational technology), and ransomware. Are your investments addressing these threats?
More than half (51%) of executives in our Australian DTI 2021 survey say they plan to add full-time cybersecurity personnel over the next year and 22% will increase their staffing by 5% or more.
Top roles they want to fill:
- cloud solutions (43%)
- security intelligence (40%)
- and data analysis (37%)
Cloud security and security analysis are among the skills that are considered as being in shortest supply. Shaping the future of cybersecurity — one that is in step with the business — means hiring the people who are ready to work collaboratively with others to tackle new, as-yet-undiscovered problems and analyse information.
Enterprises feeling the pinch of the cybersecurity skills gap may find much talent in their own backyards. Organisations are hiring from within, offering upskilling to increase current employees’ skills in the same key areas they’re hiring for: digital skills, business acumen, and social skills.
Organisations should challenge long-held beliefs about training, and design their programs to be people-powered, business-led, and results-oriented. This approach uses techniques such as gamification to increase participation, improves effectiveness and recall by having students apply their newfound knowledge to challenges they face on the job, and rewards progress toward tangible business outcomes.
Partner, Cybersecurity & Digital Trust, PwC Australia
Tel: +61 3 8603 6866
Partner, Melbourne, PwC Australia
Tel: +61 436 444 949
Partner, Cybersecurity & Digital Trust, PwC Australia
Tel: +61 413 745 343
Australian Global Crisis Centre Leader, PwC Australia
Tel: +61 2 8266 7809