An overwhelming majority of business and technology executives worldwide plan to shift their cyber security strategies due to the pandemic, according to a new study. One of the most prominent trends has been an accelerated push to digital transformation, and this has had a big impact on cyber security. The role of the CISO has never been more critical to organizations’ survival and growth.
It’s common knowledge throughout the business community—or at least it should be by now—that the coronavirus pandemic has had an impact on cyber security. Just how dramatic that impact has been is becoming clear.
A recent report from professional services and consulting firm PwC showed that an overwhelming majority of business and technology executives worldwide (96%) said they will shift their cyber security strategy due to COVID-19.
The firm, as part of its 2021 Global Digital Trust Insights report, surveyed 3,249 business, technology, and security executives around the world in July and August 2020, and found that half of the respondents said they are more likely to consider cyber security in every business decision. That was up from just 25% in a survey conducted the previous year.
One of the most prominent trends during the pandemic has been an accelerated push to digitally transform the business, and this has affected cyber security efforts. During the pandemic’s first three months, CEOs surveyed said their organizations digitized at surprising speed. Companies have sped up efforts in areas such as digital health, industrial automation and robotics, enhanced ecommerce, customer service chat bots, and others.
And the worldwide health crisis has led to massive changes in work models, with large numbers of employees working remotely on a full-time basis for the foreseeable future.
Organizations have also had to rethink their cyber security budgets. More than half of the organizations surveyed, 55%, said their cyber security budget will be increasing in 2021. However, the same percentage of organizations lack confidence that their security spending is allocated toward the most significant risks to the organization.
Forty-four percent said they’re thinking about changing their budgeting process, and 37% strongly agree that quantification of cyber security risks can significantly improve the way they manage spending against risks. Nevertheless, more than one-third of the respondents strongly agree that organizations can strengthen their security posture while containing costs, thanks in part to automation.
Many organizations are adopting newer, more advanced technologies to protect data, and innovation and technology are changing the way they’re leveling the playing field against cyber attackers by responding more quickly to incidents and disruptions, according to the report. Among the advanced tools they’re adopting are real-time threat intelligence, security orchestration and automation, advanced endpoint protection, and identity and access management. This has been prompted in large part by a sharp rise in the use of cloud services.
Organizations are also building more resilience into their infrastructures, with 40% of the executives surveyed saying they plan to increase resilience testing to ensure critical business services will function even if a disruptive cyber event occurs.
The most common outcomes desired by executives in the next two to three years are increased prevention of successful attacks, faster response times to disruptions, improved confidence of leaders in the ability to manage threats, and improved customer experience.
The survey found that executives from large organizations are more likely to report benefits from making a strategic shift to advanced technologies and restructuring security operations. Respondents from the largest organizations (those with more than $10 billion in annual revenue) were also more likely to report gains from using security models and technologies including zero trust architectures, managed services, virtualization, and accelerated cloud adoption.
These findings suggest that investing in technologies, processes and capabilities, and people is critical to making meaningful headway against attackers, the study said. They also underscore the importance of a CISO who can play a transformational leadership role.
Along those lines, the new environment has also changed the ways top executives interact with security leaders. Slightly more than half of the CEOs surveyed said they are more likely to have frequent interactions with the CISOs in their organizations.
Given the unprecedented impacts of the global health crisis, many organizations have had to rethink and reframe their cyber security strategies, noted Sean Joyce, global cyber security, privacy, and forensics leader at PwC US.
The evolving role of CISOs and their importance to their organizations have never been more critical to their organizations’ survival and growth, Joyce said. It’s important for CISOs to balance the nuances of technology and business requirements, while supporting organizations in their cyber strategy, he said.
“The transformational CISO leads cross-functional teams to match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans,” the report said. “The operational leader and master tactician is a tech-savvy and business-savvy CISO who can deliver consistent system performance, with security and privacy throughout the organization and its ecosystem amid constant and changing threats.”
One of the more daunting challenges security leaders and organizations will face this year is the ongoing shortage of cyber security skills. Fifty one percent of executives in the survey said they planned to add full-time cyber security personnel over the next year, with more than 22% saying they will increase staffing by 5% or more.
Among the top roles executives are looking to fill are cloud solutions architects, security intelligence, and data analysis. That makes sense given the growing role of the cloud in corporate IT, and the rising emphasis on data analytics.
One alternative many companies are exploring in order to fill job vacancies is hiring from within the organization, offering to increase existing workers’ skills to meet needs. Some organizations have begun to rely on managed services to fill the need for talent and experience with advanced technologies.