Over two-thirds of UK-based CEOs plan to increase long-term cybersecurity budgets, with many expressing increasing concerns over the risk of online threats to the business, according to PwC.
The global consulting giant interviewed nearly 1800 business leaders in the UK as part of a global survey of CEOs.
Its 24th annual UK CEO Survey revealed the major impact the pandemic has had on decision-making at the apex of the country’s private sector organizations.
The number reporting concerns over cyber-threats increased from 80% last year to 91%, while almost half (48%) said they were “extremely concerned” about the threat posed by cyber-risk to business growth.
PwC claimed these changing responses were influenced heavily by the rapid shift to support remote working and push more services online in the early days of the crisis. These efforts enabled attackers to find new gaps in protection which allowed them to flourish.
Trend Micro claimed to have blocked 20% more threats last year — an average of 119,000 per minute globally. Threat actors targeted distracted home workers using unsecured devices and networks, as well as vulnerabilities in remote working infrastructure such as VPNs, and RDP endpoints whose passwords were previously breached or easy to crack.
“As the criticality of technology has increased over the past year, so have UK CEOs’ fears of cyber security threats. This heightened concern is understandable as the stakes are so much higher than they were 12 months ago,” argued PwC cybersecurity leader, Chris Gaines.
“Businesses have become more aware of how reliant on technology they are for their very survival, and as such the risk of cybersecurity attacks naturally weighs more heavily on their minds.”
The criticality of cybersecurity is clear from the study: respondents selected cyber as the number one threat which is factored into their strategic risk management activities, above “pandemics and other health crises” and “uncertain economic growth."
As a result, a majority of the UK’s CEOs are responding to these challenges by committing more investment to cyber and data privacy over the coming three years.
“Securing an enterprise is far more than ensuring the CIO builds the right technical controls. It is about simplifying the organization to be securable. It is about assessing, understanding and managing the cyber risk impact of every business decision,” concluded Gaines.
“It is also about recognizing that much of cybersecurity risk originates from vulnerabilities outside their organization.”