Cyber resilience needs to sit at the heart of this reinvention. Organisations must stay ahead of - not just respond to - increasingly complex and high impact cyber risk if they are to securely and safely unlock greater value from their data, using technologies such as cloud and generative AI (GenAI).
The positive news is that more than half of UK CEOs (53%) are stepping in and taking personal responsibility for driving change across the organisation - from appointing dedicated transformation leaders and teams to reallocating capital to transformation projects and raising additional funding for them. But cyber security must also be driven from the top, across the entire organisation.
“Cyber security and transformation are inextricably linked. Putting cyber security at the centre of the need for business model reinvention is critical to gain trust, safeguard reputation and build resilience to protect value - but crucially also to take risk more intelligently and create new sources of value.”
Alex Petsopoulos
Partner, Cyber Security, PwC UK
Much of the essential change that organisations are pursuing can only be achieved by more effective use of technology. Some 87% of UK CEOs say they have recently completed or are currently running, or planning, at least one transformative IT project, and more than three-quarters (76%) say they will invest in cloud infrastructure and data and AI this year.
But this growing reliance on technology increases the potential and severity of technology-related risks such as data loss, regulatory compliance failures and catastrophic cyber attacks.
Cyber risk ranked second behind only inflation when respondents to our Global Risk Survey (GRS) 2023 were asked which risks they feel highly or extremely exposed to in the next 12 months. And the evolving and wide-ranging nature of cyber threats is evident from our 2024 Digital Trust Insights (DTI) survey.
The scale and cost of cyber attacks is also increasing, with more than a quarter (28%) of UK DTI respondents saying their most damaging breach in the last three years cost between $1m and $9m, and 17% putting that figure at between $10m and $19m.
“While many organisations have invested in preventing cyber incidents, the majority have not considered how they will recover from them. In the event of a high-impact incident, those who are not adequately prepared can expect a long road back to normal operations, significant financial costs and possible reputation damage.”
Alex Petsopoulos
Partner, Cyber Security, PwC UK
The fine balance between technology opportunity and risk can perhaps be seen most starkly with the rapid rise of GenAI, underscoring the critical importance of cyber security to the safe adoption of emerging technology.
Yet despite the criticality of greater cyber resilience to successful transformation, many organisations still have significant gaps between their ambitions and action. Take cloud, where only a quarter (24%) of UK respondents to the DTI survey say they are prioritising cloud security when allocating their cyber security budget in 2024 despite cloud being ranked the top cyber threat.
“Organisations must consciously consider resilience at every stage of their cloud journey – from ensuring a ‘resilient by design’ mindset in the design and secure deployment of new Cloud solutions, to understanding how new technologies co-exist with existing investments. This is especially important for those seeking to leverage cloud technologies for continuous transformation or business model reinvention. Resilience is about maintaining confidence in ability to recover from major incidents, in a more complex and dynamic environment than ever before - this requires a deep understanding of how inherent cloud capabilities can support you in achieving your resilience goals.”
Karen Penman
Cloud Resilience Lead, PwC UK
Q: To what extent has your organisation addressed the following challenges with your cloud service provider(s)? (Source: 2024 Digital Trust Insights survey UK respondents, PwC)
Technology complexity is also a challenge. Just under half (45%) of UK respondents to the DTI survey say they use cyber security technology from multiple providers, with plans to integrate it in the next two years. And only half are ‘very satisfied’ with their technology capabilities in key cyber security areas. As a result, only around a quarter of UK organisations say they are consistently achieving (between 81%-100% of the time) key cyber security activities.
Attracting, retaining and upskilling the cyber talent needed to securely deliver this transformation is a major challenge for many organisations. The majority of UK CEOs (78%) in our UK CEO Survey report some extent of skills shortage within their organisation, and 68% specify a lack of tech capabilities in inhibiting their ability to transform.
Most organisations will not be able to build the cyber skills and tech capabilities needed internally and more than half (57%) of UK respondents to our DTI Survey say that rebalancing between in-house and outsourced or managed services is a top priority over the next 12 months. Just over a quarter (27%) of UK DTI Survey respondents also say managed security services is a priority investment when allocating their organisation’s cyber budget in the next year, while 30% say they are implementing or planning to implement cyber managed services in new areas such as security operations.
By building greater cyber resilience, organisations can take a more informed and confident approach to digital transformation and be alive to the cyber risks, so they can better understand, manage and mitigate them.
This can be seen with the top performing 5% of organisations revealed as ‘stewards of digital trust’ in our DTI survey. These organisations are experiencing fewer breaches, and the attacks that do hit them aren’t as costly. Navigating risk is easier because they’ve streamlined their cyber security solutions. And they’ve positioned themselves for greater productivity and faster growth, outpacing the competition as they plunge into new technologies with confidence that they are well protected.
“The need for resilience and security is a key driver for clients with a reinvention imperative and also a key consideration as they forge their approach to transformation. Just as CEOs are personally taking the lead for change, they must also embrace cyber security as a whole-of-business endeavour.”
Alex Petsopoulos
Partner, Cyber Security, PwC UK
We can help you ‘accelerate your outcomes,’ working by your side to provide end-to-end managed services that deliver sustained outcomes. Or we can ‘accelerate your capabilities,’ building you a team of PwC delivery specialists to work directly for you and build your strength for the long-term.
Today’s complex cyber risks cannot be tackled alone. Leave us to manage your cyber security defences so that you can focus on your organisation’s strategic agenda.
PwC are in the business of transformation, combining the fields of management consulting, technology and strategy expertise to help organisations succeed.
