PwC: More Ransomware Attacks to September Than Whole of 2020
Most UK business leaders expect cyber-threats to surge next year, with ransomware, business email compromise (BEC), cloud and supply chain attacks all predicted to increase, according to PwC.
The findings come from the consulting giant’s 2022 Global Digital Trust Insights Survey and were distilled from interviews with 257 business and technology executives in the UK.
Although most (63%) respondents said they expect security budgets to increase next year, even more (66%) predicted cyber-threats would rise. Ransomware (61%), BEC (61%), malware via software updates (63%), and cloud compromise (64%) were among the most notable.
Bobbie Ramsden-Knowles, crisis and resilience partner at PwC UK, claimed the firm’s threat intelligence team has tracked more ransomware incidents globally up to September this year than for the whole of 2020.
“Whereas other types of crises may be perceived as ‘black swan’ events that cannot be predicted, ransomware attacks have become so widespread that we have seen a common set of challenges and decisions that all organizations would face,” he added.
“Developing – and aligning – ransomware playbooks for executive crisis teams and operational responders is a no-regrets move. And, testing these through war games and exercises can reduce uncertainty, build confidence in the ability to respond and help prioritize focus on preventative measures.”
Part of the challenge for executives appears to be mitigating cyber risk stemming from the growing complexity of environments. Some 86% of UK respondents cited this as a concern, especially in the context of multi-vendor cloud and other platforms.
Just two-fifths claimed to have formally assessed their cloud (41%) and supply chain (42%) risks.
Of equal concern is that, despite increased spending, few respondents are confident that they can drive a good return on their investments.
“For example, while 37% of UK respondents said they had implemented cloud security at scale, just 18% are fully realizing the benefits of their investment. The remainder either weren’t investing in this area or hadn’t yet implemented it at scale,” explained PwC UK cybersecurity chair Richard Horne.
“To overcome this challenge and build greater confidence in their security investments, organizations must improve their cyber risk modeling and analysis. This ensures increases in cyber budgets are allocated to priority risks and help build long-term resilience.”