In their recent survey, PwC stated that this year was ripe for several major cybersecurity shifts, “each of which could be disruptive on its own.” This comes on the heels of the statement that “this is likely to be a watershed year” and the revelation that over 30% of companies still don’t maintain a basic level of cyber defense.
Previously known as the Global State of Information Security Survey (GSISS), PwC’s 2024 Global Digital Trust Insights survey is not only the longest-running annual survey on cybersecurity trends (26 years and counting) but also the only one in the industry that draws participation from senior business executives as well as the expected security and IT brass.
Let’s review some of those key disruptive shifts and what they will mean for cybersecurity.
C-suite leans into cybersecurity despite budget constraints
As the report states, “In today’s business climate, we simply can’t talk about digital transformationWhat is Digital Transformation?Digital transformation refers to incorporating digital technology into all business areas to create new or modify existing business processes, culture, and customer experience to fundamentally transform how... More or reinvention without mentioning cybersecurity in the same breath.” It seems non-technical executives are noticing this and seeing cybersecurity as intrinsic to their business goals, especially in today’s world where “every company is a technology company,” no matter what service it provides.
Stats from the report indicate that heavy financial blows dealt by cyberattacks may have contributed to that change of heart. Last year, 27% of respondents indicated having experienced a breach costing over 1 million dollars; this year, the figure shot up to 36%, an increase of nearly ten percent in just twelve months.
The hardest hit industries are as follows, followed by the percentage that experienced a breach costing more than $1 million:
- Healthcare 47%
- Tech, Media, & Telecomm 43%
- Financial Services 38%
- Energy, Utilities, & Resources 33%
- Retail and Consumer 28%
As cyberattacks continue to hit targets outside of technology (and hit hard), executives are waking up to the reality that no line of business can afford to ignore cyber protection. According to PwC research, 40% of CEOs now think their companies may no longer be solvent if they continue their current path for the next decade. The good news is that many are doing something about it.
Two years ago, CEOs were concerned that bad actors were slipping through holes in their overly complex environments. It seemed that having a high number of underutilized security tools was backfiring. This year, 44% are using a simplified, integrated suite of solutions, and nearly as many (39%) plan to do so within the next few years. While this does create another security line item at a time when cybersecurity budgets are being slashed, it seems rising rates and costs of cyber incidents are enough to make the sacrifice worthwhile for the C-suite. For 49% of business leaders, modernizing existing cyber infrastructure is a top priority for the coming year – budget cuts or not. And that goes for optimizing cloud protection, as well. Cloud securityWhat is Cloud Security?Cloud security refers to the measures and strategies used to protect data, applications, and resources stored, accessed, and processed in cloud computing environments. It involves a combination... More is the top threat for 47% of respondents and the number one cybersecurity investment for one-third (33%).
Generative AI brings new threats – and new ways to beat them
Perhaps there is another reason executives are so inclined to lean forward on cybersecurity initiatives despite growing macroeconomic uncertainty. Generative AIWhat is Generative AIGenerative AI is a subset of artificial intelligence that focuses on creating new content. Unlike traditional AI, which typically analyzes or classifies existing data, generative AI models... More technologies are promising to close the gap between security goals and outcomes for smaller, less-resourced teams. In this year’s survey, nearly seven in ten declared their intent to use GenAI for cyber defense.
Nearly half (47%) are already using it for cyber risk detection and mitigation, and more than one-fifth (21%) reported seeing positive results in their security programs after using it during the few months it had been on the market. While it may be too soon to tell the long-term consequences of intimately introducing the new technology into an environment, GenAI is being stretched to provide cybersecurity value in the following areas as quickly as possible:
- Threat detection and analysis | Identifying patterns and anomalies at rapid speed and quickly identifying problems, assessing the scope, and autonomously trying solutions.
- Cyber risk and incident reporting | Simplifying the process with Natural Language Processing (NLP) to translate dense technical reporting into palatable language anyone can understand.
- Adaptive controls | Machine LearningWhat is Machine Learning?Machine learning is a subset of Artificial Intelligence (AI) that involves the development of algorithms and models that enable computers to make predictions or decisions based on... More (ML)-based technologies could recommend to-the-minute best practices and policies as cloud environments and software supply chains evolve.
Now that artificial intelligence is being used to the full extent of its capabilities, the only question remaining for decision-makers is how it will be used responsibly. The answer comes in the form of rules and regulations.
A new (and mandated) era of cybersecurity openness?
We got a taste of the legislative wave when data privacyData privacy is the process of safeguarding an individual’s personal information, ensuring it remains confidential, secure, and protected from unauthorized access or misuse. More policies started cropping up eight years ago, and we are still very much in the middle of it. However, the release of GenAI (and all its capabilities) prompted a second tidal-sized wave that is hitting as we speak. This adds to the general torrent of legal regulations that the industry can expect – and is hoping for – as the year progresses.
When asked which type of legislation would be most crucial to securing the future growth of their organizations, leaders answered:
- Regulation of artificial intelligence – 37%
- Harmonized cyber and data protectionWhat is Data Protection?Data protection refers to the practice of safeguarding sensitive information from unauthorized access, disclosure, alteration, or destruction. It involves implementing policies, procedures, and technologies to ensure that... More laws – 36%
- Mandatory reporting of cyber risk, management, strategy, and governance – 35%
- Harmonized privacy rights and/or protection – 32%
In addition to other concerns such as mandatory regulations for operational resilience (32%), mandatory reporting of incidents in financial disclosures (26%), and shifting the liability for cyber failures to specific companies (25%). No one likes to fill out another report. Still, in the face of so many potential compliance issues, privacy debacles, and supply chain security failings, it seems everyone wants as much legal protection as possible.
Conclusion
In wrapping up this article reviewing PwC’s 2024 Global Digital Trust Insights Survey, there is a line from the report that stands out to me. As the report sums up, “It’s no longer business-as-usual” at your organization. Tectonic trends in budgets, technology, and legislation are creating undercurrents of change that demand action, and business leaders and security executives alike are responding. This year will be a proving ground to see who delivers on their promises: AIWhat is AI? Artificial Intelligence (AI) refers to the simulation of human intelligence processes by computers in an aim to mimic or exceed human cognitive abilities across a range of domains.... More to secure better and faster than we’ve ever seen, lawmakers to come down hard on privacy and data loose ends, or C-suite executives to put their best-laid cybersecurity plans into action.
If you enjoyed this blog post reviewing PwC’s 2024 Global Digital Trust Insights Survey, you can find many more informative articles in our back catalog here.
