Cloud threats top the list of cybersecurity concerns in the UK, according to PwC’s annual Digital Trust Insights survey. About 39% of UK senior executives believe that cloud threats will have a ‘significant impact’ on their organisations in 2023, more so than threats stemming from laptop/desktop endpoints, web applications and software supply chain.
A third (33%) also said that they expect attacks against cloud management interfaces to increase significantly this year, while 20% expect attacks on Industrial Internet of Things (IIoT) and operational technology (OT) to also significantly increase.
“The potentially destructive impact of cyber threats such as ransomware have significant implications for the wider resilience of whole organisations.”
Bobbie Ramsden-Knowles, Crisis and Resilience Partner, PwC UK.
With the ongoing digital transformation, 90% of the UK senior executives agreed that “the increased exposure to cyber risk due to accelerating digital transformation was the biggest cybersecurity challenge their organization has experienced since 2020”.
“The potentially destructive impact of cyber threats such as ransomware have significant implications for the wider resilience of whole organisations,” said Bobbie Ramsden-Knowles, Crisis and Resilience Partner, PwC UK.
Other threat areas that are expected to increase significantly this year are attempts to compromise business communications, ‘hack and leak’ attacks (27%), and ransomware attacks (24%). On a more positive note, 59% of the UK respondents are also expecting their cybersecurity budgets to increase in order to try to address the growing threat levels and other cybersecurity challenges.
Cyber attack tops risk scenarios
The survey also suggests that senior management and boards are more aware of the seriousness and urgency of cyber threats along with a better comprehension of the serious harm and lasting damage that a successful attack can cause to businesses.
Almost half (48%) of the responding organizations based in the UK indicated that a “catastrophic cyber attack” is their top risk scenario, followed by a global recession (45%) and the potential resurgence of Covid-19 (43%).
Similar results were published in PwC’s 26th annual UK CEO Survey, where a quarter of the UK’s CEOs believed that their business is “extremely exposed or highly exposed to cyber risks over the next five years”. Cyber risks and their possible impact topped the list of risks ahead of inflation, macroeconomic volatility, climate change and geopolitical conflict.
More focus on long term resilience needed
The survey unfortunately also reveals that, despite the growing awareness of the seriousness of cyber threats, there is more to be done in terms of long-term resilience. 43% of the UK senior executives surveyed indicated that their focus remained on ‘isolated risk scenarios’ and how to recover from such individual disruptive events, rather than on understanding what cybersecurity risks their organization faces holistically and how business continuity and disaster recovery might work where multiple risks materialise simultaneously.
According to Ramsden-Knowles business survival and reputation can only be protected effectively by “taking a more strategic approach to resilience across high impact and increasingly plausible threats”.
For C-Suite respondents globally, a ‘catastrophic cyber attack’ is the top scenario in 2023 resilience plans and two-thirds of the global respondents consider cybercrime to be their most significant threat in the coming year.
Against the grim backdrop of rising cyber threats and the expectation of further attacks, the report illustrates that CISOs and cyber teams have started to make an impact, both in the UK and globally. More than 70% of 3,522 respondents have seen improvements in their cybersecurity work — thanks also in part to cumulative investments and more support from and cooperation with senior management and boards.