So you wanna achieve cybersecurity excellence, do ya?
By Bobby Bono, Industrial Manufacturing Leader, PwC US
Heading into 2020, many executives were unaware of the cybersecurity challenges on the horizon. At the time, only 33% of CEOs expressed concern about cyber-threats when it came to their organization’s growth prospects; in 2021, that number jumped to 47%.
Undoubtedly, the pandemic has highlighted pressing cybersecurity issues, which are evolving area and must consistently be at the forefront.
Short-term priorities: looking ahead six months
While the end of the pandemic is in sight, it is unlikely companies will revert to the way things were previously done. The increasing use of digital has altered almost every aspect of personal and professional lives. Whether it is an enhanced digital-customer experience or the option to work remotely, individuals have grown accustomed to newfound ease and flexibility.
However, with digital use comes the understanding that cybersecurity solutions and tools must be a priority. Some executives already acknowledge this, with 28% of global COOs considering cyber-risks and attacks to be one of the top 10 challenges they’ll face over the next six months. The risk is more significant for B2B companies than B2C (30% v. 17%), so as leaders look to the short-term future they are prioritizing a number of actions and tools including: application security measures (52%), cyberattack preparedness exercises (46%), response and recovery plans (44%), coordination of data privacy and security (39%) and cybersecurity training (39%).
Executives also state 51% of their cybersecurity vulnerabilities in the next six months are tied back to the IoT, which prompts the question—what actions must be taken to address this head on?
Make the investment: In the last year, companies have made difficult decisions to survive the pandemic. 87% of manufacturing CFOs considered cost-containment measures because of COVID-19, whether that be layoffs/furloughs, pulling back on travel or even potential M&A. Despite this, it is clear that companies need to grow and evolve their businesses with technology investments.
On one hand, growth prospects have been difficult to project, given the volatility of the economy, making it harder to carve out funding for new investments. But without the investments, companies will be left behind. On the other hand, increased technology investments have opened the door for more cyber-risks.
Simply put, companies cannot invest in new technology for the future without simultaneously investing in protecting the very same technology.
Employees are the first line of defense: It is no surprise there has been an uptick in cyber-threats and risks associated with more people working remotely. While 70% of CISOs and CIOs say they increased security training as a result of COVID-19, only 30% of employees say their employer has offered training on the dos and don’ts of protecting company and personal digital assets, data and information.
Cyber-threats are much savvier than the typical pop-up ads. Something as simple as a fraudulent email from HR can undermine an entire business.
Shifting focus over the next 1-2 years
Cybersecurity is not a one-and-done occurrence. Once initial measures are put in place, it is time to shift focus to building the foundation for cybersecurity excellence. Manufacturing is not a siloed industry—supply chains span across numerous countries and industries. A company is only as secure as those it works alongside.
Looking ahead one to two years, companies should begin evaluating how they are addressing cybersecurity at every level of their organization.
After spending 2020 playing defense against cyberattacks, it is time to take a step back and create a secure foundation for the future. Taking lessons from the pandemic, 50% of CISOs are now more likely to consider cybersecurity in every decision. This includes the tasks of addressing cloud and network security, risk assessment and importantly, managing third-party vendor risk.
Build resilience: Companies are finding there is an immediate need to focus on R&D and data management, as cybercriminals are increasing their attacks with attempts to steal valuable intellectual property. Organizations must understand what is at stake and build a strategy to protect it.
Working alongside other stakeholders requires an understanding of the risks associated with it. Companies must determine what its stakeholders are doing to protect not only their own information but also any shared information. Engaging with stakeholders in this manner will build trust and protect business value.
Future-proof your security team: As cybersecurity remains top of mind across industries, companies are seeking qualified talent that has digital skills, business acumen and social smarts. Many organizations’ existing workforce already has two of three, and can learn the digital skills necessary for the role.
Almost a third (31%) of employees say the ability to learn new skills and apply them is important for their career path over the next three years. The workforce is a company’s most important asset and serves as the first line of defense against cyberattacks. Employees can be upskilled from day one to take on new roles within the organization. Companies can also identify leaders within the workforce to build a robust cybersecurity team from the ground up.
It is imperative that businesses focus on understanding how cybersecurity can affect their business. If companies do not prioritize vulnerability to cyber-threats until an attack strikes, it is too late. Addressing potential threats head on by developing short-term and long-term plans will build a strong cybersecurity foundation internally and externally.