Cloud-related risks are top of the cyber security agenda for senior executives in the UK, according to a PwC study, with 39% expecting such risks to “significantly affect” their organisation in the coming months, more so than other forms of cyber risk emanating from other sources, such as physical endpoints, web applications or software supply chains.
Moving into the second month of the year, the findings from PwC’s Global digital trust insights survey, which polled thousands of decision-makers globally in the summer of 2022, anticipate a clear spike in attacks against cloud management interfaces in particular, cited by 33% of UK respondents as a potential problem.
To a lesser degree, organisational leadership is also concerned about business email compromise (BEC) and so-called “hack and leak” attacks, cited by 27%.
Meanwhile, 24% expect ransomware attacks to significantly increase, and 20% are worried that attacks on the industrial internet of things (IIoT) and operational technology (OT) assets will rise significantly.
“In part, the increase in cloud-based threats is a result of some of the potential cyber risks associated with digital transformation,” said Richard Horne, PwC cyber security chair.
“An overwhelming majority (90%) of UK senior executives in our survey ranked the ‘increased exposure to cyber risk due to accelerating digital transformation’ as the biggest cyber security challenge their organisation has experienced since 2020.
“However, these digital transformation efforts – which include initiatives such as migration to cloud, moving to ecommerce and digital service delivery methods, the use of digital currencies and the convergence of IT and operational technology – are critical to future-proofing businesses, unlocking value and creating sustainable growth.”
Indeed, about two-thirds of UK respondents told PwC they had not yet fully mitigated the risks associated with digital transformation, in spite of the potential cost, and reputational damage, of an incident – 27% of global chief financial officers who took part said they had experienced an incident in the past three years that had cost over $1m.
On a brighter note, there does seem to be plenty of money available to help, which runs contrary to forecasts from analysts at Forrester, who predicted a 3.6% decline in general IT spending this year as organisations face a budget shortfall. Cyber security seems relatively unaffected by PwC’s metrics, with 59% of UK respondents saying they expect their security budgets to increase.
Heightened state of awareness
Hand-in-hand with growing cyber budgets is a gathering awareness in the boardroom of the complexity of cyber threats and the damaging impact of an attack.
At just under half of UK organisations, a “catastrophic” cyber incident was held to be the top risk scenario they faced, ahead of both global recession or a resurgence of a new Covid-19 variant. PwC said this echoed the findings of a previous study of CEOs that found 64% of UK leaders were “extremely or very concerned” about cyber attacks hitting their ability to conduct business.
Bobbie Ramsden-Knowles, crisis and resilience partner at PwC UK, commented: “The potentially destructive impact of cyber threats such as ransomware have significant implications for the wider resilience of whole organisations.
“Only by taking a more strategic approach to resilience across high impact and increasingly plausible threats can organisations protect what matters most to business survival and reputation, and ultimately build trust.”