Business leaders expect cyber security threat to increase
New polling has found that two thirds of UK business leaders expect cyber security threat to increase over next 12 months.
According to the latest PwC cyber security survey of business and technology executives, 61 per cent of UK respondents expect to see an increase in reportable ransomware incidents in 2022. Expectations of an increase in ransomware attacks reflects UK businesses’ concern about a broader increase over the next 12 months in cyber threats, including business email compromise (61 per cent) and malware via software updates (63 per cent).
Additionally, 86 per cent of UK respondents said that complexity in their organisation creates concerning levels of risk. Notably, 64 per cent of UK respondents expect a jump in attacks on their cloud services over the next year, however only 41 per cent profess to have an understanding of cloud risks based on formal assessments. Similarly, 63 per cent of respondents say their organisations expect a rise in breaches via their software supply chain, yet only 42 per cent have formally assessed their enterprise’s exposure to this risk.
Almost two-thirds of UK organisations are increasing their cyber security budgets over the coming year, this compares to 56 per cent in last year’s survey. Furthermore, nearly a quarter of organisations plan to increase their cyber security spend by 10 per cent or more.
Bobbie Ramsden-Knowles, Crisis and Resilience Partner, PwC UK, said: “It’s impossible to ignore the threat from ransomware attacks as criminal groups become more brazen and scale their operations through ‘ransomware as a service’ and the use of affiliate criminal groups. At PwC our threat intelligence team has already tracked more ransomware incidents globally, up to September 2021, than in the whole of 2020.
“Ransomware has the potential to rapidly disrupt an organisation’s entire business, across geographies and functions. For organisations without a framework for managing enterprise-wide crises there is an acute need to develop and embed one, to be able to respond to this type of disruptive event in a coordinated way.
“Whereas other types of crises may be perceived as 'black swan' events that can not be predicted, ransomware attacks have become so widespread that we have seen a common set of challenges and decisions that all organisations would face. Developing - and aligning - ransomware playbooks for executive crisis teams and operational responders is a no-regrets move. And, testing these through wargames and exercises can reduce uncertainty, build confidence in the ability to respond and help prioritise focus on preventative measures.”