Cybercrime set to escalate driven by greater reliance on the cloud and third party providers - PwC 2023 Digital Trust Insights Survey

Despite cyber attacks continuing to cost businesses millions of euros, over eight out of ten Irish organisations surveyed admitted that they had not fully mitigated cybersecurity risk exposure in a number of critical areas. These are some of the key findings from PwC’s 2023 Global Digital Trust Insights study, which surveys more than 3,500 senior business executives across 65 countries including Ireland identifying the top cybersecurity challenges when it comes to securing their businesses. This press release deals mainly with the Irish survey results. 

Cybercrime will continue to escalate in 2023

Looking to 2023, significant increases in cyber disruption in Ireland are expected, including:    

• Business email compromises/account takeovers (Ireland: 39%; Global: 33%).

• Ransomware (Ireland: 33%; Global: 32%).

• Attacks due to third party breaches (Ireland: 28%; Global: 29%). 

• Cloud services (Ireland: 28%; Global: 28%).

With the threat landscape ever-changing, over half of Irish respondents expect cyber attacks to be committed by cybercriminals (53%), hacktivists/cyber hackers (58%) and insiders such as employees/contractors (47%). At the same time, unauthorised access via mobile device is also expected to cause significant disruption in 2023 (Ireland: 58%; Global: 41%). 

Reliance on cloud and outsourcing to significantly increase cyber risk

Reflective of enhanced cloud-based solutions imposed by COVID-19, the reliance on third-party providers is leading to a more complex cybersecurity risk profile. 88% of Irish executives admitted that their organisation had experienced an increase in cyber attacks since 2020 due to enhanced digitisation (Global: 89%). Worryingly, just 30% of Irish executives confirmed to have fully mitigated cybersecurity risks associated with accelerated cloud adoption in 2022 (Global: 35%). Outsourcing to third-party service providers is expected to significantly impact unauthorised access to IT systems in 2023 (Ireland: 42%; Global: 34%).   

For operations-focused global executives surveyed, cybersecurity of the supply chain is a major concern. Nine in ten expressed concern about their organisation’s ability to withstand a cyber attack that disrupts their supply chain, with 56% extremely or very concerned.

Leonard McAuliffe, Partner, PwC Ireland Cybersecurity Practice, said: “Driven by events no-one could have foreseen, business leaders in recent years have pushed their companies and themselves beyond their comfort zone - out of the office to remote workplaces, into the cloud and along supply chains that are nearly completely digital. With each new venture has come new cyber risks which are on the rise.

“We expect cyber attacks to escalate in 2023 in Ireland and globally with ransomware not abating. Cybercrime is one of the main causes of financial and reputational damage for organisations across the world, and is a growing concern for businesses.    

“Data breaches are also a pervasive threat in today’s digital world. As cyber threats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for C-suites and Boards. We see companies strengthening their cyber defenses and regulators are applying pressure to improve cyber resilience and build public trust.” 

More to do to mitigate cyber risk - only half of Irish organisations had prevented a significant cyber threat from impacting operations

Only half (50%) of Irish participants confirmed that their organisation had detected a significant cyber threat and prevented it from impacting their operations (Global: 70%). 

A large majority of Irish executives surveyed admitted that they had not fully mitigated cybersecurity risk in a number of critical areas over the last year. Key areas where such risk was not fully mitigated included: remote and hybrid work (Ireland: 86%; Global: 83%); cloud adoption (Ireland: 89%; Global: 84%); use of the internet of things (Ireland: 89%; Global: 85%) and the digitisation of the supply chain (Ireland: 92%; Global: 87%).  

Global participants rank cybersecurity (52%) higher as a risk when it comes to their organisation’s resilience planning (Ireland: 38%). Many Irish organisations still take a narrow view of business wide resilience strategies. The survey reveals that less than half (44%) of Irish respondents formally coordinate business and disaster recovery, incident response and crisis management processes (Global: 52%). A similar proportion (42%) develop a broad understanding of the cyber risks they face across the entire business (Global: 62%).

Irish organisations plan to spend more on cybersecurity in 2023 

The majority of executives surveyed said that their organisations are continuing to increase their cyber budgets. Three quarters (75%) of Irish participants confirmed that they plan to spend more on cyber in 2023 (Global: 65%).

It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to marketing-oriented execs surveyed. Aside from pure financial loss, the range of harm global organisations have experienced due to a cyber breach or data privacy incident over the past 3 years include loss of customers (cited by 27%), loss of customer data (25%) and reputational or brand damage (23%).  

Leonard McAuliffe concluded: “Ensuring that IT and cybersecurity teams are prepared to handle any type of incident is vital, with cross-collaboration being critical. However, the survey shows that just 39% of Irish organisations promote an integrated and agile operation model that can respond to a diverse set of disruptive events (Global: 47%). 

“At the same time, with a greater proportion of Irish business leaders planning to increase their cyber budget in 2023 compared to global peers, the survey shows that prevention of cybercrime is a key focus area for Irish businesses. Being able to prevent cybercriminals from compromising data and systems is critical to establishing digital trust among customers and third parties.

“Despite the progress that organisations have made in improving their cybersecurity programs, the survey shows that there is a lot more to do. There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management program, continuity and contingency planning, and clear, consistent external reporting.”