1、 Global Digital Trust Insights Survey 2021 Cybersecurity comes of age PwC | Global Digital Trust Insights Survey 20212 Content Overview . 3 1. Reset your cyber strategy, evolve leadership for these new times .4 2. Rethink your cyber budget to get more out of it .9 3. Invest in every advantage to lev

2、el the playing field with attackers .14 4. Build resilience for any scenario .19 5. Future-proof your security team .26 About the survey .31 Demographics .33 Contact us .37 PwC | Global Digital Trust Insights Survey 20213 Cybersecurity comes of age Five moves to get to the next level Just decades af

3、ter coming out from under ITs wing, the cybersecurity profession has matured. Since the Massachusetts Institute of Technology was granted the first US patent for a cryptographic communication system in 1983, the industry has grown by leaps and bounds with a long list of growing pains. Armed with the

4、 insight and foresight that only experience and wisdom can provide, cyber stands at a critical, pivotal and exciting time for the industry and the organizations and people it serves. Our findings from the Global Digital Trust Insights 2021 survey of 3,249 business and technology executives around th

5、e world tell us whats changing and whats next in cybersecurity. No longer solely reactive although it is that cybersecurity has become more thoughtful and forward-thinking, with the knowledge and technologies to stop attacks before they start. No longer technology-focused although tech is very much

6、in the picture security leaders are working closely with business teams to strengthen and increase the resilience of the organization as a whole. As a result, cyber is leveling the playing field with attackers, pushing back and fending off as never before. The timing couldnt be better. Recent shifts

7、 in business models have prompted many enterprises to speed up their digitization programs. CEOs and boards are turning to their CISOs for help increasing their resilience and creating business value. Technology is maturing, too, simplifying cybersecuritys work and integrating it with the business a

8、s a whole. Digital solutions are adding layers of protection and continuously monitoring systems automatically for a simpler, more integrated approach to security. CISOs are able to take the long, strategic view needed from them now. When spot fires are not demanding their attention, security manage

9、rs are able to let their imaginations roam, for more creative solutions. 1 Reset your cyber strategy, evolve leadership for these new times PwC | Global Digital Trust Insights Survey 20215 Business transformations are more sweeping and rapid Businesses are changing. Accelerated digitalization for gr

10、owth 40% Permanent, full-time remote work for more workers 39% Larger weight on the quality on IT and telecommunications infrastructure in location decisions 37% Accelerated automation for cost-cutting 35% Continuously updated resilience plans and tests 33% Source: PwC Global Trust Insights Survey 2

11、021, October 2020: base 3,249 Q: Which of the following changes are most likely to be impacts of the COVID-19 experience in your industry? .and their ambitions are rising. Modernizers 45% 31% Redefi ners 9% 21% Explorers 9%18% Effi ciency seekers 35% 29% Source: PwC Global Trust Insights Survey 2021

12、, October 2020: base 3,249 Q: What is the primary aspiration for your enterprise-wide, technology-driven business transformation or major digital initiatives? 20192020 In the pandemics first three months, CEOs report, their organizations digitized at surprising speed, advancing to year two or three

13、of their five-year plans. The future is now: digital health, industrial automation and robotics, enhanced ecommerce, customer service chat bots, virtual reality-based entertainment, cloud kitchens, fintech, and more. The health crisis and economic recession have stoked further change, according to o

14、ur Global DTI 2021 survey: 40% of executives say theyre accelerating digitization perhaps taking on business strategies they hadnt imagined before. Their digital ambitions have skyrocketed. Twenty-one percent are changing their core business model and redefining their organizations (the “redefiners”

15、), while 18% are breaking into new markets or industries (the “explorers”). Both categories have doubled since our survey last year. Doing things faster and more efficiently is the top digital ambition for 29% of executives (“efficiency seekers”), while 31% are modernizing with new capabilities (“mo

16、dernizers”). More than one-third 35% say theyre speeding up automation to cut costs, which is no surprise at a time when revenues are down. PwC | Global Digital Trust Insights Survey 202166 New times call for a resetting of cyber strategy .and so are their cyber strategies Cybersecurity and privacy

17、baked into every business decision or plan 50% New process of budgeting for cyber spend or investments 44% Better and more granular quantifi cation of cyber risk 44% More frequent interactions between CISO and the CEO or boards 43% Greater resilience testing for more low-likelihood, high-impact even

18、ts 43% No change due to COVID-19 4% Dont know/unsure 1% Source: PwC Global Trust Insights Survey 2021, October 2020: base 3,249 Q: Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry? New technologies and business models and the f

19、ast pace of adoption bring new risks. But, like the high-powered brakes on a racecar, cybersecurity makes high-speed digital change a lot safer. Nearly all (96%) say theyll adjust their cybersecurity strategy due to COVID-19. Half are more likely now to consider cybersecurity in every business decis

20、ion thats up from 25% in our survey last year. Savvy CISOs are in step with the vision and goals of their enterprise as a whole, not just IT. “One of our key jobs is to engage with our partners throughout the organization that will help us achieve our objectives. If I havent created a culture where

21、people want to engage and proactively come to security rather than shy away from us, I dont think well be able to get there,” said Katie Jenkins, CISO, Liberty Mutual. PwC | Global Digital Trust Insights Survey 20217 7PwC | Global Digital Trust Insights Survey 2021 One of our key jobs is to engage w

22、ith our partners throughout the organization that will help us achieve our objectives. If I havent created a culture where people want to engage and proactively come to security rather than shy away from us, I dont think well be able to get there. Katie Jenkins CISO, Liberty Mutual PwC | Global Digi

23、tal Trust Insights Survey 20218 CISOs are evolving to the needs of business CISOs need to play encompassing roles to help Steward of costs Resilience czar Data value creator and protector Enterprise risk authority Experience offi cer Transformational leader Operational leader and master tactician 20

24、% 20% 16% 15% 12% 10% 8% Source: PwC Global Trust Insights Survey 2021, October 2020: Base 3,249 Q: What is the primary role your organizations CISO needs to play to help your organization achieve its growth and strategic objectives in the next two years? New times also call for new CISO leadership

25、modes. Forty percent of executives say they need the CISO to be a transformational leader (20%) or an operational leader and master tactician (20%). These roles are encompassing and call for the multifaceted expertise that CISOs have built. The transformational CISO leads cross- functional teams to

26、match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans. The operational leader and master tactician is a tech-savvy and business-savvy CISO who can deliver consistent system performance, with security and privacy t

27、hroughout the organization and its ecosystem amid constant and changing threats. Some CISOs already inhabit these roles, and are exhibiting four qualities most prized by executives: strategic thinking (38%), the ability to take smart risks (38%), leadership skills (36%), and ability to recognize and

28、 nurture innovation (34%). From cybersecurity to digital trust Its a critical juncture for cybersecurity and CISOs. A business-driven cyber strategy is the important first step for business and security leaders amid sweeping, rapid business digitization. This reset not only defines the expanding rol

29、e of the CISO, it also affects the way the organization sets cyber budgets, invests in security solutions, plans for resilience, and enhances its security organization. It determines whether CISOs may grow to become stewards of digital trust, able to lead their organizations securely into the new er

30、a with strategies to protect business value and to create it. PwC | Global Digital Trust Insights Survey 20219 2 Rethink your cyber budget to get more out of it PwC | Global Digital Trust Insights Survey 202110 Cyber budgets will rise for half of the businesses surveyed Fifty-five percent of technol

31、ogy and security executives in our Global DTI 2021 survey plan to increase their cybersecurity budgets, with 51% adding full-time cyber staff in 2021 even as most (64%) executives expect business revenues to decline. Clearly, cybersecurity is more business-critical than ever before. Still, 26% will

32、need to do more with less, and 13% will have to make do with static budgets. “The circumstances we find ourselves in with the economy are putting a lot of pressure on security organizations to make sure that the investments were making are efficient and high-value,” says Katie Jenkins, CISO, Liberty

33、 Mutual. Getting the most value for every cybersecurity dollar spent becomes more critical as entities digitize: every new digital process and asset becomes a new vulnerability for cyber attack. More are increasing cyber budgets than decreasing them in 2021 Net: Decrease 26% Net: Increase 55% 2% Dec

34、rease by more than 20% 1% Dont know/unsure 10% 4% 4% 11% 25% 13% 22% 8% Decrease by 1120% Cannot determine at this time Decrease by 610% Decrease by 5% or less Unchanged Increased by 5% or less Increased by 610% Increased by more than 10% Source: PwC, Global Digital Trust Insights Survey 2021, Octob

35、er 2020: base 3,249 Q: How is your cyber budget changing in 2021? base 1,414 PwC | Global Digital Trust Insights Survey 20211111PwC | Global Digital Trust Insights Survey 2021 The circumstances we find ourselves in with the economy are putting a lot of pressure on security organizations to make sure

36、 that the investments were making are efficient and high-value. Katie Jenkins CISO, Liberty Mutual PwC | Global Digital Trust Insights Survey 202112 Most executives lack confidence in the budgeting process Confi dence in current cyberbudgets and processes is low today (Percentage of respondents who

37、are not very confi dent) Our cyber budget/process is: Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 3,249 Q: Regarding your organizations current cyber budget and processes, how confi dent are you with regard to the following? 54.4% Includes process monitoring the effect

38、iveness of our cyber program against the spending on cyber 53.2% Linked to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way Allocated towards the most signifi cant risks to the organization 54.8% Focused on remediation, risk mitigation, and/or response te

39、chniques that will provide the best return on cyber spending 55% Integrated with decisions on capital requirements needed in the event of a severe cyber event 55.4% Adequate digital trust controls over emerging technologies for security, privacy, and data ethics 58% More than half (55%) of business

40、and tech/ security executives lack confidence that cyber spending is aligned to the most significant risks. Or that their budget funds remediation, risk mitigation and/or response techniques that will provide the best ROI (55%). Or that budgets provide the resources needed for a severe cyber event (

41、55%). Or that the process monitors the cyber programs effectiveness compared to expenditures (54%). Cyber budgets could and should link to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way, but 53% lack confidence that their current process does this. And

42、with regard to preparedness for future risks, executives are not confident that cyber budgets provide adequate controls over emerging technologies (58%). With confidence lagging in the process used to fund cybersecurity, executives say its time for an overhaul. Forty-four percent say theyre trying n

43、ew budgeting processes, and considering how best to convince the CEO and board to assign needed funds. Nevertheless, more than one-third strongly agree that organizations can strengthen their cyber posture while containing costs thanks to automation and rationalization of tech. PwC | Global Digital

44、Trust Insights Survey 202113 Putting a dollar amount on cyber risk is a must Putting a dollar amount on the value of a cyber project, in terms of risk reduction or less costly compliance, allows comparison of the costs and value of cyber investments so they can be prioritized. Quantification also ma

45、kes it easier to measure the value of the overall portfolio of cyber investments against business objectives. This kind of rigor and sophistication will be increasingly demanded especially as the markets and regulators hold CEOs and board members more accountable for cybersecurity and privacy. Cyber

46、 managers can do more with less, but to do so they need to quantify cyber risk and use the information to make smart choices that protect the businesss security, privacy, and cash flow. Seventeen percent of the executives in our Global DTI survey have quantified cyber risks, and are realizing benefi

47、ts from doing so. For instance, a highly acquisitive company that quantifies cyber risks can evaluate deal opportunities faster and more systematically. A financial institution that handles millions of transactions a day can do daily and weekly threat and vulnerability assessments staying alert to the performance of underlying controls and any need to reallocate