Study highlights cybersecurity trends

What has already changing and what’s next in cybersecurity? These are questions that the Digital Trust Insights 2021 global study by PWC sought to answer based a survey with 3,249 business and technology executives worldwide.

According to the PWC report, cybersecurity teams are moving from a purely reactive stance to a more dynamic stance with a better vision of the future. They are no longer focused just on technology and have started to work closely with the business areas, thinking about developing resilience in the organization as a whole.

The study evaluated five perspectives – reset of the cybersecurity strategy; future-proof cybersecurity teams; how to get more out of the cybersecurity budget; investments to match the cybercriminals resources; and development of resilience.

The COVID-19 pandemic and the subsequent health and economic crises have been a reason to change cybersecurity strategies for 96% of executives, causing companies’ digitalization processes to take place at a much faster rate than they predicted in their multi-annual plans – 40% said that are accelerating digitization.

Digital ambitions are even bigger. Twenty one percent of executives stated that they are changing their company’s core business, and 18% commented that they are exploring new industries. However, these measures can expose companies to more and new risks. Maybe this is why half of the respondents are likely to consider cybersecurity in their business decisions – that proportion was 25% in last year’s survey.

New times also demand new ways of leadership. According to 40% of respondents, those responsible for cybersecurity are expected to be, mainly, leaders who know how to conduct digital transformation processes, appropriately addressing security and privacy strategies, multifaceted teams, and budgetary issues. Also, they are expected to be exceptional leaders in tactical and operational terms to ensure solid performance.

Lack of skilled labor is a concern currently plaguing the cybersecurity industry, with 3.5 million vacancies to be filled as early as 2021, according to the study. It is not a coincidence that 51% of executives in the PWC study said that they plan to hire more full-time professionals in this area next year, with 22% intending to increase the cybersecurity team by 5% or more.

The main positions that companies are seeking to fill are cloud solution architects (43%), security intelligence (40%) and data analysis (37%). According to the survey, an alternative that many organizations have used to fill vacancies is “internal hiring”, counting on professionals who are already working for them and offering them qualification opportunities to increase their skills (upskilling 2.0), such as digital and soft skills and business vision. In addition, some companies are relying on managed services to meet the most pressing demands.

To attract talents, companies have offered flexibility, rewards, training, and a work environment with advanced technologies and projects.

More than half of the companies (55%) said that the cybersecurity budget will grow in 2021. However, we expect to see changes in the way the values will be managed. The same portion (55%) said they are not confident that cyber spending is being allocated to address the most important risks.

To remedy this situation, 44% said they are considering changing budget processes. More than a third fully agreed that it is possible to strengthen the cyber stance while reducing costs – applying automation methods and using technology rationally. For respondents, doing more with less is feasible by quantifying risks and exploring data to make smarter decisions – 77% of them said they already do this and are seeing the benefits.

In addition, investments in innovation and technology are changing the way organizations arm themselves against cybercriminals. An indication of the importance of innovation for cybersecurity is the bustling market of the so-called cyber-startups – about two dozen undergone IPO or M&A transactions valued at US$ 1 billion in the past decade, with 10 of them only in the last two years, according to CB Insights.

The next key change will be towards the cloud. Companies are rapidly moving operations (75%) and security (76%) to this environment, abandoning static legacy systems in favor of integration and agility. For 36% of respondents, there are new solutions to protect cloud infrastructures better than ever.

Forty percent of the executives interviewed in the study said they plan to increase resilience testing to maintain operations continuity in case of unwanted events.

Among the cyber threats identified by respondents as the most likely to occur in the next year, the most remembered are those coming from the Internet of Things (IoT) and cloud service providers (33%), while cyberattacks on cloud services are at the top of the list of threats with the potential to produce more negative impacts (24%).