With data breaches soaring over the past two years and organisations struggling with the technical demands of the coronavirus pandemic, PwC has declared this a critical point for the cyber security industry.
Its Cyber security strategy 2021: An urgent business priority report notes that the pandemic means organisations can no longer ignore the importance of cyber security.
PwC’s research found that 96% of organisations in the UK have shifted their cyber security strategy due to COVID-19, with 50% of respondents saying that cyber security will be baked into every business decision.
Similarly, 34% of respondents said that they plan to accelerate their digitalisation plans due to the pandemic, and 45% said that there will have more frequent interactions between the CISO and the CEO or board.
It’s one thing to say that you will prioritise cyber security, but organisations must also invest in appropriate measures.
PwC’s research found that just 38% of UK organisations are confident that their cyber security budget is allocated appropriately, compared to 44% globally.
Likewise, only 36% said they are very confident that they are getting the best return on investment possible, versus 42% globally.
Despite – or perhaps because of – this, 56% of respondents are planning to increase their cyber security budgets in 2021.
Meanwhile, 41% of organisations plan to develop new processes for their cyber security spending in 2021, and 67% believe that automation was the primary way to minimise costs without compromising security.
PwC also recommends that organisations align their budgets to the most serious risks. Its research found that this is already on the agenda for 71% of UK respondents, but other organisations must also take note.
Richard Horne, Cyber security chair at PwC, said: “It’s surprising that so many organisations lack confidence in their cyber security spend.
“It shows businesses need to improve their understanding of cyber threats and the vulnerabilities they exploit, and then map their security capabilities against those threats.
“We must also change the way organisations think about cyber risk so it becomes an intrinsic part of every business decision.”