THE RAPID pace of digital transformation due to the COVID-19 pandemic, which saw businesses move their services online, supply chains disrupted and employees work from home, has pushed cyber security to the top of the agenda for UK CEOs.
No less than 91% of UK CEOs are concerned about the threat of cyber security risks. That’s according to PwC’s 24th Annual CEO Survey. This is the highest figure recorded since CEOs were first asked about cyber threats in the survey, and an increase on last year’s figure of 80%. It’s also higher than this year’s global figure of 85%.
Chris Gaines, cyber security leader at PwC UK, commented: “As the criticality of technology has increased over the past year, so have UK CEOs’ fears of cyber security threats. This heightened concern is understandable as the stakes are so much higher than they were 12 months ago. Businesses have become far more aware of how reliant on technology they are for their very survival. As such, the risk of cyber security attacks naturally weighs more heavily on their minds.”
Gaines went on to state: “The technological changes implemented over the past 12 months have not only been across businesses, but also society. Many of them were implemented in haste. Risk averse organisations who, in different times, may have taken years to plan for increased remote working simply made the change overnight. Organisations must now effectively and securely embed such changes while continuing to evolve and innovate.”
Top strategic risk
When asked which threats are explicitly factored into their strategic risk management activities, ‘cyber threats’ was the most selected by UK CEOs and chosen by 75% of them. This was in front of ‘pandemics and other health crises’ (62%) and ‘uncertain economic growth’ (57%).
Looking ahead, 48% of UK CEOs are ‘extremely concerned’ (up from 42% last year) about the risk cyber threats pose to their business growth prospects. In addition, as a result of the COVID-19 crisis, some 67% of UK CEOs plan to increase their long-term investment in cyber security and data privacy over the next three years, with 24% of UK CEOs suggesting that they will significantly increase long-term investments.
Chris Gaines observed: “Increasing investment in cyber defences is only part of the approach CEOs should be taking. With every area of every organisation now more reliant on technology, and more reliant upon the technology of suppliers and other organisations within their ecosystem, business leaders need to appreciate the role they must play in securing their organisation.”
He added: “Securing an enterprise is far more than ensuring the CIO builds the right technical controls. It’s about simplifying the organisation to be securable. It’s about assessing, understanding and managing the cyber risk impact of every business decision. It’s also about recognising that much of cyber security risk originates from vulnerabilities outside of the organisation.”
In conclusion, Gaines outlined: “CEOs are right to be concerned about cyber security risk, but the real challenge they face is shaping their organisations to be securable. This period of change in which we now find ourselves presents the perfect moment to face up to that challenge and deliver the answer.”