One in four (27%) companies around the world have suffered a data breach that cost them between $1 - 20 million or more in the past three years.
88% of Irish executives stated that their organisation had experienced an increase in cyber attacks since 2020 due to increased digital acceleration.
Cybercrime will continue to escalate in 2023 in areas such as business email compromise/account takeover, ransomware, cloud security and third party breaches.
Reliance on cloud and outsourcing to significantly increase cyber risk. Driven by events no-one could have foreseen in recent years, business leaders have pushed their organisations beyond their comfort zones to remote working, into the cloud and towards digital supply chains at a pace we could never have imagined.
75% of Irish organisations plan to increase their cybersecurity budget for 2023 in order to protect their organisations and information assets from these cyber attacks.
Despite cyber attacks continuing to cost businesses millions of euros, over eight out of ten Irish organisations surveyed admitted that they had not fully mitigated cybersecurity risk exposure in a number of critical areas. These are some of the key findings from PwC’s 2023 Global Digital Trust Insights study, which surveys more than 3,500 senior business executives across 65 countries including Ireland identifying the top cybersecurity challenges when it comes to securing their businesses. This press release deals mainly with the Irish survey results.
Looking to 2023, significant increases in cyber disruption in Ireland are expected, including:
Business email compromises/account takeovers (Ireland: 39%; Global: 33%).
Ransomware (Ireland: 33%; Global: 32%).
Attacks due to third party breaches (Ireland: 28%; Global: 29%).
Cloud services (Ireland: 28%; Global: 28%).
With the threat landscape ever-changing, over half of Irish respondents expect cyber attacks to be committed by cybercriminals (53%), hacktivists/cyber hackers (58%) and insiders such as employees/contractors (47%). At the same time, unauthorised access via mobile device is also expected to cause significant disruption in 2023 (Ireland: 58%; Global: 41%).
Reflective of enhanced cloud-based solutions imposed by COVID-19, the reliance on third-party providers is leading to a more complex cybersecurity risk profile. 88% of Irish executives admitted that their organisation had experienced an increase in cyber attacks since 2020 due to enhanced digitisation (Global: 89%). Worryingly, just 30% of Irish executives confirmed to have fully mitigated cybersecurity risks associated with accelerated cloud adoption in 2022 (Global: 35%). Outsourcing to third-party service providers is expected to significantly impact unauthorised access to IT systems in 2023 (Ireland: 42%; Global: 34%).
For operations-focused global executives surveyed, cybersecurity of the supply chain is a major concern. Nine in ten expressed concern about their organisation’s ability to withstand a cyber attack that disrupts their supply chain, with 56% extremely or very concerned.
Leonard McAuliffe, Partner, PwC Ireland Cybersecurity Practice, said: “Driven by events no-one could have foreseen, business leaders in recent years have pushed their companies and themselves beyond their comfort zone - out of the office to remote workplaces, into the cloud and along supply chains that are nearly completely digital. With each new venture has come new cyber risks which are on the rise.
“We expect cyber attacks to escalate in 2023 in Ireland and globally with ransomware not abating. Cybercrime is one of the main causes of financial and reputational damage for organisations across the world, and is a growing concern for businesses.
“Data breaches are also a pervasive threat in today’s digital world. As cyber threats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for C-suites and Boards. We see companies strengthening their cyber defenses and regulators are applying pressure to improve cyber resilience and build public trust.”
Only half (50%) of Irish participants confirmed that their organisation had detected a significant cyber threat and prevented it from impacting their operations (Global: 70%).
A large majority of Irish executives surveyed admitted that they had not fully mitigated cybersecurity risk in a number of critical areas over the last year. Key areas where such risk was not fully mitigated included: remote and hybrid work (Ireland: 86%; Global: 83%); cloud adoption (Ireland: 89%; Global: 84%); use of the internet of things (Ireland: 89%; Global: 85%) and the digitisation of the supply chain (Ireland: 92%; Global: 87%).
Global participants rank cybersecurity (52%) higher as a risk when it comes to their organisation’s resilience planning (Ireland: 38%). Many Irish organisations still take a narrow view of business wide resilience strategies. The survey reveals that less than half (44%) of Irish respondents formally coordinate business and disaster recovery, incident response and crisis management processes (Global: 52%). A similar proportion (42%) develop a broad understanding of the cyber risks they face across the entire business (Global: 62%).
The majority of executives surveyed said that their organisations are continuing to increase their cyber budgets. Three quarters (75%) of Irish participants confirmed that they plan to spend more on cyber in 2023 (Global: 65%).
It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. Aside from pure financial loss, the range of harm global organisations have experienced due to a cyber breach or data privacy incident over the past 3 years include loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%).
Leonard McAuliffe concluded: “Ensuring that IT and cybersecurity teams are prepared to handle any type of incident is vital, with cross-collaboration being critical. However, the survey shows that just 39% of Irish organisations promote an integrated and agile operation model that can respond to a diverse set of disruptive events (Global: 47%).
“At the same time, with a greater proportion of Irish business leaders planning to increase their cyber budget in 2023 compared to global peers, the survey shows that prevention of cybercrime is a key focus area for Irish businesses. Being able to prevent cybercriminals from compromising data and systems is critical to establishing digital trust among customers and third parties.
“Despite the progress that organisations have made in improving their cybersecurity programs, the survey shows that there is a lot more to do. There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management program, continuity and contingency planning, and clear, consistent external reporting.”
Link to document: https://www.pwc.com/dti2023
The PwC 2023 Global Digital Trust Insights Survey captures the views of senior executives on the challenges and opportunities to improve and transform cybersecurity within their organisation in the next 12-18 months. The Survey includes 3,522 respondents across 65 countries including nearly 40 in Ireland. Companies with revenues greater than US$1 billion make up 52% of those surveyed; 25% have revenues greater than US$5 billion.
At PwC, our purpose is to build trust in society and solve important problems. We're a network of firms in 156 countries with over 295,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at pwc.com.
PwC refers to the PwC network or one or more of its member firms or both, each of which is a separate legal entity. Please see pwc.com/structure for further details.
© 2022 PwC. All rights reserved