普華永道：2021年全球數字信任調查報告 - （英文版）.pdf

1、Global Digital Trust Insights Survey 2021 Cybersecurity comes of age PwC | Global Digital Trust Insights Survey 20212 Content Overview . 3 1. Reset your cyber strategy, evolve leadership for these new times .4 2. Rethink your cyber budget to get more out of it .9 3. Invest in every advantage to leve

2、l the playing field with attackers .14 4. Build resilience for any scenario .19 5. Future-proof your security team .26 Industry insights.31 About the survey .39 Demographics .41 Contact us .45 PwC | Global Digital Trust Insights Survey 20213 Cybersecurity comes of age Five moves to get to the next l

3、evel Just decades after coming out from under ITs wing, the cybersecurity profession has matured. Since the Massachusetts Institute of Technology was granted the first US patent for a cryptographic communication system in 1983, the industry has grown by leaps and bounds with a long list of growing p

4、ains. Armed with the insight and foresight that only experience and wisdom can provide, cyber stands at a critical, pivotal and exciting time for the industry and the organizations and people it serves. Our findings from the Global Digital Trust Insights 2021 survey of 3,249 business and technology

5、executives around the world tell us whats changing and whats next in cybersecurity. No longer solely reactive although it is that cybersecurity has become more thoughtful and forward-thinking, with the knowledge and technologies to stop attacks before they start. No longer technology-focused althoug

6、h tech is very much in the picture security leaders are working closely with business teams to strengthen and increase the resilience of the organization as a whole. As a result, cyber is leveling the playing field with attackers, pushing back and fending off as never before. The timing couldnt be b

7、etter. Recent shifts in business models have prompted many enterprises to speed up their digitization programs. CEOs and boards are turning to their CISOs for help increasing their resilience and creating business value. Technology is maturing, too, simplifying cybersecuritys work and integrating it

8、 with the business as a whole. Digital solutions are adding layers of protection and continuously monitoring systems automatically for a simpler, more integrated approach to security. CISOs are able to take the long, strategic view needed from them now. When spot fires are not demanding their attent

9、ion, security managers are able to let their imaginations roam, for more creative solutions. 1 Reset your cyber strategy, evolve leadership for these new times PwC | Global Digital Trust Insights Survey 20215 Business transformations are more sweeping and rapid Businesses are changing. Accelerated d

10、igitalization for growth 40% Permanent, full-time remote work for more workers 39% Larger weight on the quality on IT and telecommunications infrastructure in location decisions 37% Accelerated automation for cost-cutting 35% Continuously updated resilience plans and tests 33% Source: PwC Global Tru

11、st Insights Survey 2021, October 2020: base 3,249 Q: Which of the following changes are most likely to be impacts of the COVID-19 experience in your industry? .and their ambitions are rising. Modernizers 45% 31% Redefi ners 9% 21% Explorers 9%18% Effi ciency seekers 35% 29% Source: PwC Global Trust

12、Insights Survey 2021, October 2020: base 3,249 Q: What is the primary aspiration for your enterprise-wide, technology-driven business transformation or major digital initiatives? 20192020 In the pandemics first three months, CEOs report, their organizations digitized at surprising speed, advancing t

13、o year two or three of their five-year plans. The future is now: digital health, industrial automation and robotics, enhanced ecommerce, customer service chat bots, virtual reality-based entertainment, cloud kitchens, fintech, and more. The health crisis and economic recession have stoked further ch

14、ange, according to our Global DTI 2021 survey: 40% of executives say theyre accelerating digitization perhaps taking on business strategies they hadnt imagined before. Their digital ambitions have skyrocketed. Twenty-one percent are changing their core business model and redefining their organizatio

15、ns (the “redefiners”), while 18% are breaking into new markets or industries (the “explorers”). Both categories have doubled since our survey last year. Doing things faster and more efficiently is the top digital ambition for 29% of executives (“efficiency seekers”), while 31% are modernizing with n

16、ew capabilities (“modernizers”). More than one-third 35% say theyre speeding up automation to cut costs, which is no surprise at a time when revenues are down. PwC | Global Digital Trust Insights Survey 202166 New times call for a resetting of cyber strategy .and so are their cyber strategies Cybers

17、ecurity and privacy baked into every business decision or plan 50% New process of budgeting for cyber spend or investments 44% Better and more granular quantifi cation of cyber risk 44% More frequent interactions between CISO and the CEO or boards 43% Greater resilience testing for more low-likeliho

18、od, high-impact events 43% No change due to COVID-19 4% Dont know/unsure 1% Source: PwC Global Trust Insights Survey 2021, October 2020: base 3,249 Q: Which of the following changes are most likely to be impacts of the COVID-19 experience on cybersecurity in your industry? New technologies and busin

19、ess models and the fast pace of adoption bring new risks. But, like the high-powered brakes on a racecar, cybersecurity makes high-speed digital change a lot safer. Nearly all (96%) say theyll adjust their cybersecurity strategy due to COVID-19. Half are more likely now to consider cybersecurity in

20、every business decision thats up from 25% in our survey last year. Savvy CISOs are in step with the vision and goals of their enterprise as a whole, not just IT. “One of our key jobs is to engage with our partners throughout the organization that will help us achieve our objectives. If I havent crea

21、ted a culture where people want to engage and proactively come to security rather than shy away from us, I dont think well be able to get there,” said Katie Jenkins, CISO, Liberty Mutual. PwC | Global Digital Trust Insights Survey 20217 7PwC | Global Digital Trust Insights Survey 2021 One of our key

22、 jobs is to engage with our partners throughout the organization that will help us achieve our objectives. If I havent created a culture where people want to engage and proactively come to security rather than shy away from us, I dont think well be able to get there. Katie Jenkins CISO, Liberty Mutu

23、al PwC | Global Digital Trust Insights Survey 20218 CISOs are evolving to the needs of business CISOs need to play encompassing roles to help Steward of costs Resilience czar Data value creator and protector Enterprise risk authority Experience offi cer Transformational leader Operational leader and

24、 master tactician 20% 20% 16% 15% 12% 10% 8% Source: PwC Global Trust Insights Survey 2021, October 2020: Base 3,249 Q: What is the primary role your organizations CISO needs to play to help your organization achieve its growth and strategic objectives in the next two years? New times also call for

25、new CISO leadership modes. Forty percent of executives say they need the CISO to be a transformational leader (20%) or an operational leader and master tactician (20%). These roles are encompassing and call for the multifaceted expertise that CISOs have built. The transformational CISO leads cross-

26、functional teams to match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans. The operational leader and master tactician is a tech-savvy and business-savvy CISO who can deliver consistent system performance, with se

27、curity and privacy throughout the organization and its ecosystem amid constant and changing threats. Some CISOs already inhabit these roles, and are exhibiting four qualities most prized by executives: strategic thinking (38%), the ability to take smart risks (38%), leadership skills (36%), and abil

28、ity to recognize and nurture innovation (34%). From cybersecurity to digital trust Its a critical juncture for cybersecurity and CISOs. A business-driven cyber strategy is the important first step for business and security leaders amid sweeping, rapid business digitization. This reset not only defin

29、es the expanding role of the CISO, it also affects the way the organization sets cyber budgets, invests in security solutions, plans for resilience, and enhances its security organization. It determines whether CISOs may grow to become stewards of digital trust, able to lead their organizations secu

30、rely into the new era with strategies to protect business value and to create it. PwC | Global Digital Trust Insights Survey 20219 2 Rethink your cyber budget to get more out of it PwC | Global Digital Trust Insights Survey 202110 Cyber budgets will rise for half of the businesses surveyed Fifty-fiv

31、e percent of technology and security executives in our Global DTI 2021 survey plan to increase their cybersecurity budgets, with 51% adding full-time cyber staff in 2021 even as most (64%) executives expect business revenues to decline. Clearly, cybersecurity is more business-critical than ever befo

32、re. Still, 26% will need to do more with less, and 13% will have to make do with static budgets. “The circumstances we find ourselves in with the economy are putting a lot of pressure on security organizations to make sure that the investments were making are efficient and high-value,” says Katie Je

33、nkins, CISO, Liberty Mutual. Getting the most value for every cybersecurity dollar spent becomes more critical as entities digitize: every new digital process and asset becomes a new vulnerability for cyber attack. More are increasing cyber budgets than decreasing them in 2021 Net: Decrease 26% Net:

34、 Increase 55% 2% Decrease by more than 20% 1% Dont know/unsure 10% 4% 4% 11% 25% 13% 22% 8% Decrease by 1120% Cannot determine at this time Decrease by 610% Decrease by 5% or less Unchanged Increased by 5% or less Increased by 610% Increased by more than 10% Source: PwC, Global Digital Trust Insight

35、s Survey 2021, October 2020: base 3,249 Q: How is your cyber budget changing in 2021? base 1,414 PwC | Global Digital Trust Insights Survey 20211111PwC | Global Digital Trust Insights Survey 2021 The circumstances we find ourselves in with the economy are putting a lot of pressure on security organi

36、zations to make sure that the investments were making are efficient and high-value. Katie Jenkins CISO, Liberty Mutual PwC | Global Digital Trust Insights Survey 202112 Most executives lack confidence in the budgeting process Confi dence in current cyberbudgets and processes is low today (Percentage

37、 of respondents who are not very confi dent) Our cyber budget/process is: Source: PwC, Global Digital Trust Insights Survey 2021, October 2020: base 3,249 Q: Regarding your organizations current cyber budget and processes, how confi dent are you with regard to the following? 54.4% Includes process m

38、onitoring the effectiveness of our cyber program against the spending on cyber 53.2% Linked to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way Allocated towards the most signifi cant risks to the organization 54.8% Focused on remediation, risk mitigation

39、, and/or response techniques that will provide the best return on cyber spending 55% Integrated with decisions on capital requirements needed in the event of a severe cyber event 55.4% Adequate digital trust controls over emerging technologies for security, privacy, and data ethics 58% More than hal

40、f (55%) of business and tech/ security executives lack confidence that cyber spending is aligned to the most significant risks. Or that their budget funds remediation, risk mitigation and/or response techniques that will provide the best ROI (55%). Or that budgets provide the resources needed for a

41、severe cyber event (55%). Or that the process monitors the cyber programs effectiveness compared to expenditures (54%). Cyber budgets could and should link to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way, but 53% lack confidence that their current pro

42、cess does this. And with regard to preparedness for future risks, executives are not confident that cyber budgets provide adequate controls over emerging technologies (58%). With confidence lagging in the process used to fund cybersecurity, executives say its time for an overhaul. Forty-four percent

43、 say theyre trying new budgeting processes, and considering how best to convince the CEO and board to assign needed funds. Nevertheless, more than one-third strongly agree that organizations can strengthen their cyber posture while containing costs thanks to automation and rationalization of tech. P

44、wC | Global Digital Trust Insights Survey 202113 Putting a dollar amount on cyber risk is a must Putting a dollar amount on the value of a cyber project, in terms of risk reduction or less costly compliance, allows comparison of the costs and value of cyber investments so they can be prioritized. Qu

45、antification also makes it easier to measure the value of the overall portfolio of cyber investments against business objectives. This kind of rigor and sophistication will be increasingly demanded especially as the markets and regulators hold CEOs and board members more accountable for cybersecurit

46、y and privacy. Cyber managers can do more with less, but to do so they need to quantify cyber risk and use the information to make smart choices that protect the businesss security, privacy, and cash flow. Seventeen percent of the executives in our Global DTI survey have quantified cyber risks, and

47、are realizing benefits from doing so. For instance, a highly acquisitive company that quantifies cyber risks can evaluate deal opportunities faster and more systematically. A financial institution that handles millions of transactions a day can do daily and weekly threat and vulnerability assessment

48、s staying alert to the performance of underlying controls and any need to reallocate resources. Cyber risk quantification is not for the faint- hearted, with many obstacles in the way: lack of a widely accepted model, lack of people who understand cyber and risks from a business lens, and lack of sc

49、alability. Nevertheless, nearly 60% are beginning to quantify risks or have implemented at scale. And nearly everyone else (17%) plans to begin risk quantification within the next two years. Raising confidence in budget decisions The economics of cybersecurity has long focused on the cost side (comp

50、liance, updating capabilities, and so on). This must change. The cyber strategy reset considering cybersecurity in every business decision means connecting cyber budgets to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way. PwC | Global Digital Trust Insig