Digital transformation due to the COVID-19 pandemic, which saw businesses move services online, supply chains disrupted and employees work from home, has pushed cyber security to the top of the agenda for UK CEOs, according to an audit firm.
Most, 91 per cent of UK CEOs are concerned about the threat of cyber security risks, according to PwC’s 24th Annual CEO Survey. This is the highest figure recorded since CEOs were first asked about cyber threats in the survey, and an increase on last year’s figure of 80pc. It is also higher than this year’s global figure of 85 per cent.
Chris Gaines, Cyber Security Leader, PwC UK said: “As the criticality of technology has increased over the past year, so have UK CEOs’ fears of cyber security threats. This heightened concern is understandable as the stakes are so much higher than they were 12 months ago. Businesses have become more aware of how reliant on technology they are for their very survival, and as such the risk of cyber security attacks naturally weighs more heavily on their minds.
“The technological changes implemented over the past 12 months have not only been across businesses, but also society, and many were implemented in haste. Risk averse organisations who in different times may have taken years to plan for increased remote working made the change overnight. Organisations must now effectively, securely embed such changes while continuing to evolve and innovate.”
When asked which top three threats are explicitly factored into their strategic risk management activities, ‘cyber threats’ was the most selected by UK CEOs and chosen by 75pc of them. This was in front of ‘pandemics and other health crises’ (62pc), and ‘uncertain economic growth’ (57pc). A ‘COO pulse survey‘ had similar findings.
Looking ahead
Near half, 48pc of UK CEOs are ‘extremely concerned’ (up from 42pc last year) about the risk of cyber threats to their business growth prospects. As a result of the COVID-19 crisis, 67% of UK CEOs plan to increase long-term investment in cybersecurity and data privacy over the next three years, with 24pc of UK CEOs saying they will significantly increase long-term investments.
Chris Gaines said: “Increasing investment in cyber defences is only part of the approach CEOs should be taking. With every area of every organisation now more reliant on technology, and more reliant upon the technology of suppliers and other organisations within their ecosystem, business leaders need to appreciate the role they must play in securing their organisation.
“Securing an enterprise is far more than ensuring the CIO builds the right technical controls. It is about simplifying the organisation to be securable. It is about assessing, understanding and managing the cyber risk impact of every business decision. And it is about recognising that much of cyber security risk originates from vulnerabilities outside their organisation. CEOs are right to be concerned about cyber security risk but the challenge they face is shaping their organisations to be securable. However, this period of change we find ourselves in presents the perfect moment to face into that challenge.”
