Much done but more to do to stop cyber attacks on Irish businesses
By Pat Moran, Cyber Leader, PwC Ireland
While great strides have been made, Irish firms can do better to stop the cyber attackers compared to global peers. For example, better allocation of budgets to the right risks, accelerating digitisation, strengthening cybersecurity defenses and responding more quickly to cyber incidents. Less than half of Irish survey respondents plan to increase resilience testing to prevent the most disruptive cyber attack. These are some of the key findings from PwC’s research:2021 Global Digital Trust Insights: Cybersecurity comes of age, the Irish analysis which launched today.
The report is based on research amongst over 3,200 business and technology executives from around the world including in Ireland and reveals insights into what’s changing and what’s next in cybersecurity. This press release deals with the Irish results including how Ireland compares to global peers.
Overwhelming shift in cybersecurity strategy due to Covid-19
An overwhelming 96% of the Irish respondents said that they have shifted their cybersecurity strategy due to COVID-19. Nearly half (47%) said that they are now more likely to consider cybersecurity in every business decision; a similar proportion (43%) confirmed that COVID-19 will result in better quantification of cyber risks.
However, to achieve digital aspirations, Irish respondents are less focused on doing things faster and more efficiently (20%) and speeding up automation to cut costs (30%) compared to global peers (Global: 29% and 35% respectively). Just 27% say they have significantly improved customer experiences (Global: 45%) as part of their cybersecurity progress. In addition, just three out of ten (30%) stated that there is likely to be more frequent interactions between their Chief Information Security Officer and CEO or Board (Global: 51%).
Given the unprecedented impacts of COVID-19, many organisations have had to re-think and re-frame their cybersecurity strategies. While great strides are being made, the survey also suggests that more can be done by Irish firms compared to their global peers, particularly, to speed up automation and achieve efficiencies. It is also important that the head of information security is in regular communication with the CEO and board to balance the technology and business requirements of any cyber strategy.
Future-proofing cyber teams a key focus
With a significant number of cyber security jobs to be filled in Ireland in 2021 - a key challenge plaguing the cybersecurity industry is a lack of skilled people. At the same time, just under a third (30%) of Irish respondents plan to add full-time cybersecurity personnel over the next year compared to 51% globally.
The top cybersecurity roles Irish executives are looking to fill include: cloud solution architects (50%), collaboration (50%), digital design (47%), security intelligence (43%) and data analysis (40%).
An alternative that many organisations have used to fill cyber job vacancies is upskilling - increasing and broadening existing employees’ skills. The research suggests that more Irish firms may be opting for this route to plug the skills’ gap. We also see some organisations relying on managed services to fill the acute need for specialist talent and advanced technologies.
Lack of confidence in how cyber budgets are spent
More than half (55%) of respondents state that their cyber budget will increase in 2021. While a larger budget for cybersecurity is good news, the industry should expect changes in the way these budgets are being managed. 60% of executives lack confidence that their cyber spending is allocated towards the most significant risks of their organisation (Global: 55%). Nearly four out of ten (37%) say that they’re thinking about changing their budgeting process (Global: 44%).
At the same time, less than a third (30%) strongly agree that quantification of cyber risks can significantly improve the way they manage spending against risks (Global:37%). Just over one in ten (13%) strongly agree that their organisation can strengthen its cybersecurity defenses while containing costs (Global: 34%).
More to do to stop cyber attackers
Innovation and technology are changing the way organisations around the world are leveling the playing field against cyber attackers. While progress is being made, however, less than one in three (30%) Irish executives said that COVID-19 has accelerated digitisation (Global: 40%). A similar proportion (30%) confirm that they have made significant progress in responding more quickly to cyber incidents and disruptions (Global: 44%).
The top outcomes desired as a result of increased investment in cybersecurity over the next 2-3 years, according to Irish respondents, are: improved confidence of leaders’ ability to manage threats, lower cost of compliance and improved customer experience. The prevention of successful attacks and faster response times to disruptions was of greater focus globally than in Ireland.
The survey found that executives from large organisations ($1B+) are more likely to report benefits from making a strategic shift to advanced technologies and restructuring security operations.
Greater efforts needed to build cyber resilience
Since the pandemic, around the world we’ve seen a surge in intrusions, ransomware, data breaches and phishing. Still less than half (43%) of respondents said that they plan to increase resilience testing to ensure critical business services will function even if the most disruptive cyber event occurs.
The internet of things, mobile, cloud service providers and other third parties top the list of ‘very likely’ root causes of cyber threats in the year ahead. However, cyber attacks on cloud services top the list of threats that will have a ‘significant negative impact’
Irish firms have made progress in terms of modernising their capabilities and re-aligning their cyber strategy in their efforts to beat the cyber attackers. But the survey suggests that compared to global peers Irish firms should place a greater focus on investing in technologies and strengthening their cyber defenses to make a more meaningful headway against cyber attackers. Leading cybersecurity teams have a three-fold mission: build trust, build resilience,and accelerate innovation.