A look at Canadian Digital Trust Insights 2021

Just decades after coming out from under IT’s wing, the cybersecurity profession has matured. Cyber teams are now armed with the insight and foresight only experience can provide. And the timing couldn’t be better, as many of the industries, organizations and people they serve are at a pivotal moment.

The findings from PwC’s Global Digital Trust Insights 2021 survey of more than 3,000 business and technology executives around the world, tell us what’s changing and what’s next in cybersecurity.

In brief, organizations’ expectations of their security leaders continue to rise. No longer focused just on technology, although it’s very much in the picture, cyber’s real role now and into the future will be strengthening and increasing the resilience of their organizations.

Five moves to get your organization to the next level

  1. Reset your cyber strategy
  2. Rethink your cyber budget
  3. Level the playing field with attackers
  4. Build resilience for any scenario
  5. Future-proof your security team

At a glance

Accelerated digitization will continue to be one of the key impacts of COVID-19, but as new business models interact with new technologies, cybersecurity strategies across industries, including defence security, will need to shift to meet changing demands.

As organizations digitize, getting the most value out of every cyber dollar spent will become even more critical, not just because of our current economic climate, but also because every new digital process can become a vulnerability for cyberattack.

In the next year, many organizations, including those in defence and security, will increase cyber budgets and add full-time cyber personnel, and they’re looking for a mix of soft skills, such as critical thinking and communication, and technical skills, such as familiarity with cloud solutions.

1. Reset your cyber strategy

The survey found that 44 per cent of Canadian respondents (40 per cent globally) say they expect accelerated digitization to be a likely outcome of COVID-19. Many are taking on business strategies they hadn’t imagined before, including new markets, new business models, remote working and automation. And 15 per cent of Canadian respondents (21 per cent globally) are changing their core business model and redefining their organizations.

What’s the primary aspiration for your enterprise-wide, tech-driven business transformation or major digital initiatives?

But as we see new business models interact with new technologies, we’re also seeing the introduction of new cyber risks.

Traditional approaches to cyber just can’t keep up with the pace and scale of digitization. And they’re slowing down business strategies and impacting both the top and bottom lines. So, it’s really not surprising that nearly all respondents (97 per cent in Canada and 96 per cent globally) say their industry’s cybersecurity strategies will shift as a result of COVID-19.

Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry?

The key takeaways for the defence and security industries

  • Reset your cyber strategy to adapt to the new business reality and make high-speed digital change safer.
  • Consider the various partners in your business ecosystem (e.g. vendors, research institutes, manufacturers, government organizations) that could be targeted as part of a supply chain attack.
  • If you provide defence and security-related products and services, take a proactive approach to building a robust cybersecurity program that will meet the increased cyber expectations of your customers.

2. Rethink your cyber budget

When looking to the future, two-thirds of respondents, both in Canada and globally, expect their funding and/or revenues to decline in the next year due to COVID-19. But encouragingly, 56 per cent of Canadian respondents (55 per cent globally) expect to increase their cyber budgets in that same period. This shows us many executives understand the importance of cyber in enabling both digitization and automation.

But across the board, very few Canadian executives are really confident their cyber budgets are being assigned and spent correctly. Only 34 per cent of Canadian respondents (compared to 44 per cent globally) are definitive their cyber budget is being allocated to the most significant risks. And while a fifth of both Canadian and global respondents say their organization is already seeing the benefits of better quantifying cyber risks, fewer than half say their organization has actually implemented it at scale.

As organizations digitize, getting the most value out of every cyber dollar spent will become even more critical, not just because of our current economic climate, but also because every new digital process and asset can become a new vulnerability for cyber attack.

The key takeaways for the defence and security industries

  • Rethink your cyber budgeting process so you can clearly show how cyber spend links to risk and business priorities.
  • Link your cyber budget to overall digitization and automation budgets.
  • Quantify cyber risks so you can put a dollar amount on the impact of each cyber project and better prioritize cyber spend.

3. Level the playing field with attackers

Leading defence and security organizations are exploring increased adoption of cloud, intelligent automation and Internet of Things (IoT) systems. This requires a rethink of cyber defences, as these systems can’t be protected with traditional IT security methods.

An understanding of big data and IoT is key to the military application of technology. According to the survey, the top three cybersecurity approaches that Canadian organizations, have implemented and are currently realizing the most benefits from are security orchestration and automation (19 per cent), modern identity and access management (17 per cent) and integrated cloud and network security (17 per cent).

The key takeaways for the defence and security industries

  • Explore innovative ways to secure your cloud by fully leveraging built-in cloud capabilities, such as security automation, integration, monitoring and analytics. You’ll be able to reduce governance costs, proactively address emerging threats and achieve continuous compliance.
  • Reimagine your approach for securing industrial and IoT systems, where traditional IT security methods won’t work.
  • Take a holistic approach to data trust, integrating your data protection and data governance practices to inspire confidence in the use of your classified data as it becomes more distributed.

4. Build resilience for any scenario

The reality is, a cyber attack is much more likely than ever before, as 2020 brought a surge in intrusions, ransomware and data breaches, along with an increase in phishing attempts.

In the survey, Canadian executives were asked to weigh in on the likelihood of cyber threats in the coming year. When looking at possible threat actors, Canadian respondents feel attacks by cybercriminals, insiders and nation states are most likely. 

In terms of cyber events, Canadian respondents feel cyber attacks on cloud services, ransomware breaches and supply chain attacks on critical business services are most likely.

How do respondents plan to prepare? A significant majority (78 per cent) of Canadian executives (76 per cent globally) agree with the statement, “Assessments and testing—done right—will help in targeted investments in cybersecurity.” So, it makes sense that 57 per cent of Canadian executives (40 per cent globally) plan to increase resilience testing to make sure, if a disruptive cyber event happens, their critical business functions will stay up and running.

The key takeaways for the defence and security industries

  • Perform regular assessments and testing to identify weaknesses in your cyber posture before attackers do.
  • Implement a cyber hygiene program to remediate weaknesses often exploited by attackers.
  • Focus on enterprise-wide digital trust by orchestrating resiliency efforts across business continuity, disaster recovery, crisis management, safety, privacy and fraud, all of which are typically separate functions.

5. Future-proof your security team

In the next year, 42 per cent of Canadian respondents plan to add full-time cybersecurity personnel to their organization. But this won’t necessarily be easy, and many recognize the challenges in attracting and retaining good cyber talent. So, it’s not surprising that an overwhelming majority (94 per cent) of Canadian respondents (93 per cent globally), including defence and security industries, use or plan to use managed services.

Canadian executives are looking for future leaders with stronger soft skills to enable better partnership with IT and the business. Three of the five most-mentioned attributes among Canadian respondents to our survey were soft skills: critical thinking (49 per cent), communication (44 per cent) and creativity (43 per cent).

When we look at technical skills, the highest number of Canadian respondents (44 per cent) want their new hires to know about cloud solutions. Tied for second in demand are specialization in particular new tech solutions (for example, AI, IoT and blockchain) and security intelligence experience (40 per cent).

Which of the following technical skills are you looking for in your new hires in the next 12 months?

Organizations are also hiring from within and offering upskilling to increase current employees’ skills. And it’s clear this upskilling behaviour is being modelled from the top, as nearly two-thirds of our surveyed Canadian executives in tech and business spend three or more hours each week on work-related learning.

The key takeaways for the defence and security industries

  • Design talent attraction and retention programs for the cyber function.
  • Offer upskilling to increase current employees’ skills in the same key areas you’re hiring.
  • If you don’t have the resources to attract and retain top cyber talent, consider partnering with a reputable managed security services provider.

This article was originally published on pwc.com, December 2020 © 2021, PricewaterhouseCoopers LLP.