The C-suite playbook: putting security at the epicentre of innovation

Findings from PwC's Digital Trust Insights Survey 2024 from an Irish perspective

With the rise in digital innovation and cybersecurity regulations, organisations must adapt. Our Digital Trust Insights Survey provides a unique perspective on how senior executives are preparing for such changes, with cybersecurity at the epicentre.

The Digital Trust Insights Survey 2024 polled almost 4,000 business, technology and cybersecurity executives, focusing on how they see the technology and security landscape evolving in the future. Reinvention and innovation at the cutting edge of technology are front and centre in the minds of senior executives, with cybersecurity a key priority for organisations during this transformation. The challenges businesses face on their digital journey can materialise unexpectedly, giving rise to rapidly evolving cybersecurity threats.

Businesses now recognise the need to secure their digital platforms and invest in cybersecurity. Senior executives driving maturity in their cybersecurity programmes understand that a strategy is needed to address coming regulatory requirements and manage disruptive technologies.

The survey found that four in five senior executives plan to increase their cyber budget in 2024 to address modern needs. Key investment areas include regulatory compliance, simplifying and integrating cybersecurity technologies, moving towards a Zero Trust strategy and deploying generative artificial intelligence (GenAI) for security.

Increased cyber regulations

Regulators worldwide continue to bring cybersecurity into focus. The European Parliament, in particular, has prioritised cybersecurity and resilience, as evidenced by a wave of recent regulatory changes. EU-wide legislation such as the revised NIS Directive (NIS2) and the Digital Operational Resilience Act (DORA), along with the planned introduction of thematic cyber resilience stress testing for European banks by the ECB, demonstrates commitment at the regional level to mandate consistent cybersecurity standards across Europe. Regulatory compliance must therefore be a key focus area for Irish organisations.

With this increase in regulations, senior executives are expecting a significant rise in compliance costs and, in turn, are positioning regulatory compliance as a headline cost in their organisation’s cyber budgets for 2024. According to the PwC Digital Trust Insights Survey, 80% of senior executives plan to increase their cyber budget in 2024, and 50% of respondents in Ireland plan to prioritise compliance with regulations and directives in their cyber budget, versus 31% of respondents globally. The stringent regulatory requirements being placed on European organisations may be a factor in businesses prioritising compliance as the EU aims to harmonise and enhance cybersecurity across the continent.

In the same vein, businesses in Ireland predict greater overheads in managing compliance compared to their peers globally. New regulation implies more business transformation activities and reporting requirements. 56% of Irish senior executives ranked the mandatory reporting of cyber risk management and compliance strategies, and the associated governance, among the top three regulatory principles that will affect future revenue growth for their organisation (global: 35%).

Third-party breaches remain a concern

Cybersecurity is one of the leading causes of both financial and reputational damage for organisations. Third-party breaches remain a key concern for organisations worldwide, given their reliance on outsourcing and third-party providers. They are the number one cyber threat for 42% of Irish respondents to the Digital Trust Insights Survey.

Too often, organisations fall victim to breaches caused by third-party incidents, having failed to complete sufficient due diligence or conduct ongoing monitoring of the supplier in question. In recent years, third-party cyber attacks have become a growing and increasingly sophisticated cyber threat. Attack groups are now beginning to target relationships between organisations and their suppliers, vendors and third-party service providers to gain access to the organisation’s network or sensitive data. With cloud service providers forming an integral part of many organisations’ operations, this has led to a more complex cybersecurity risk profile. Worryingly, the Digital Trust Insights Survey shows that less than two-thirds of respondents have implemented a plan to manage the risks associated with cloud service providers.

In addition, the security of third-party relationships is under increasing scrutiny from regulators, specifically within Europe. Regulations such as DORA and NIS2 will hold organisations accountable for managing third-party and fourth-party risks, driving a consistent approach to third-party risk management. Organisations must act now to implement a third-party risk management programme to comply with regulatory requirements and avoid heavy penalties.

Rationalisation of security solutions

Many businesses have invested heavily in their cybersecurity technology portfolio to combat modern threats in an ever-changing cyber risk landscape. This has led organisations to implement various security solutions from different vendors. In our 2022 Digital Trust Insights Survey, PwC found that CEOs were particularly concerned that their organisations had become too complex to secure. Disparate security technologies pose a challenge in terms of effective management, coverage and utilisation. Without centralised oversight of their portfolio of security solutions, organisations run the risk of reduced visibility over security incidents across their IT estate, along with difficulty in aggregating events across different technologies that are not integrated. A lack of governance over the security tools used across the business can further diminish the return on cybersecurity investment.

The survey results show that organisations realise the importance of rationalising their cybersecurity technology portfolio. 45% of CISOs globally (Ireland: 38%) see the optimisation of their current cybersecurity solutions as a top three priority for 2024. Strategic investment in security technologies can help businesses maximise the value added by their cybersecurity spend and reduce reliance on tactical solutions. Compared with their peers worldwide, fewer senior executives in Ireland (46%) believe their businesses have the right amount of cybersecurity technology solutions (global: 69%).

On a sector level, the survey shows organisations in the financial services, energy and utilities, and technology, media and telecommunications (TMT) sectors are particularly keen to rationalise their current spend on cybersecurity platforms. When asked to rank their top three priorities for cyber spend in 2024, optimisation of current technology and investments was the most common response in these sectors. Across all sectors, optimisation ranked as the second most frequent response (45%) while modernisation of technology, including cybersecurity infrastructure, ranked highest (49%).

The transition towards Zero Trust strategies

One of cybersecurity’s hottest topics right now is Zero Trust. Centred around the three core tenets of 'verify explicitly', 'grant least privilege' and 'assume breach', Zero Trust architectural strategies put an organisation’s data at the heart of security and enable risk-based access decision-making. The PwC Digital Trust Insights Survey 2024 shows that CISOs recognise the potential benefits of a Zero Trust strategy. Globally, 76% of respondents have adopted and implemented Zero Trust principles in their cybersecurity programme, with a further 15% planning to do so in the next three years. But in Ireland, just 53% of organisations have implemented Zero Trust principles while 30% plan to soon. CISOs in Ireland have been slower off the mark than their peers globally in embedding this modern approach to cybersecurity.

Results show that respondents from the energy and utilities (81%), health (80%), and TMT (81%) sectors were more likely to have implemented Zero Trust principles across their organisations. Not surprisingly, identity and access management (IAM) ranked as the top priority for 45% of respondents across all industries in the transition towards Zero Trust. This highlights the importance of identity verification, authentication factors and authorisation controls. Moreover, in the energy and utilities sector, network segmentation ranked as the number one priority (47%)—likely due to the sector’s need for highly segmented networks to secure their operational technology (OT).

GenAI set to grow as a cybersecurity tool

Alongside Zero Trust, GenAI has emerged at the top of senior executives’ agendas for the next 12 months. Amid the public hype around GenAI, CISOs see it as a potentially crucial enabler for cybersecurity programmes. This is evidenced by the fact that 58% of the survey’s Irish respondents expect their business to deploy GenAI for cyber defence over the coming 12 months (global: 69%). GenAI tools can help reduce the disadvantage for cyber teams overwhelmed by the sheer number and complexity of human-led cyber attacks, both of which continually increase. Notably, only 37% of CISOs globally in the government and public services sector planned to use GenAI for cyber defence, with those in the energy and utilities sector (75%) leading the way.

GenAI has introduced new cybersecurity threats and compliance risks for senior executives to consider. According to the survey, 53% of Irish respondents expect GenAI to lead to catastrophic cyber attacks in the next 12 months (global: 52%), highlighting cybersecurity as a vital element of business transformation. GenAI-related risks for organisations can include:

  • cybersecurity;

  • privacy;

  • regulatory compliance;

  • third-party relationships;

  • legal obligations; and

  • intellectual property.

With these increased risks on the horizon, just 45% of senior executives in Ireland have included GenAI in their formal risk management plans—significantly less than their global counterparts at 58%. While GenAI could help enhance cybersecurity programmes by plugging skill gaps in a competitive talent market, supporting automated responses to critical incidents and even implementing risk-based access decisions aligned with Zero Trust principles, CISOs need to remain aware of the risks associated with GenAI and ensure the correct governance is applied in the implementation phase.

The key actions to take now

  • Assess your regulatory compliance

  • Implement an effective third-party risk management programme

  • Understand your cybersecurity technology portfolio

  • Create a Zero Trust roadmap

  • Integrate your organisation’s AI use cases into your risk management processes

We are here to help you

As leaders in cybersecurity services, we are here to support your organisation’s digital transformation. Our network of experts is ready to help you plan strategic investment in cybersecurity and protect your organisation from cybercrime. If you have a question about the security of your business, contact us today.

Contact us

Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Pat Moran

Partner, PwC Ireland (Republic of)

Richard Day

Partner, PwC Ireland (Republic of)

Moira Cronin

Partner, PwC Ireland (Republic of)

Tel: +353 86 377 1587
