Over a fifth (22%) of UK businesses are planning to downsize their cybersecurity teams, despite COVID-19 pressures giving the function a greater role at the heart of organizations, according to PwC.
The consulting giant polled 3249 business and technology executives globally, including 265 from the UK, in order to compile its Cyber Security Strategy 2021 Report.
It revealed that, although 96% of UK respondents have shifted their strategy due to the pandemic, and half claimed that they will now bake security into every business decision, they’re still lagging globally on several fronts.
In terms of headcount, for example, just 16% of global respondents said they are planning to cut the size of their security team, while 51% said they were expecting to hire more staff, versus 42% in the UK.
Elsewhere, just 38% of UK respondents claimed they were very confident their security budget is being allocated to the right risks, versus 44% globally. However, on the positive side, 56% said they were planning to increase these budgets next year, despite only 36% being confident they are getting a good return on their investments.
PwC cybersecurity chair, Richard Horne, said it was surprising that so many organizations lack confidence in their cybersecurity spend.
“It shows businesses need to improve their understanding of cyber-threats and the vulnerabilities they exploit, while changing the way they think about cyber-risk so it becomes an intrinsic part of every business decision,” he argued.
Another area where the UK appears to be lagging behind the rest of the world is the role of the CISO. Over two-fifths (43%) of global respondents agreed that there will be more frequent interactions between the CISO and CEO or board, but this fell to 34% in the UK.
All of this matters because COVID-19 is accelerating digital transformation and therefore expanding the potential corporate attack surface for many organizations.
A third (34%) of UK leaders said they plan to accelerate digitalization in light of the pandemic, and a majority cited attacks on cloud services (58%), “disruptionware” attacks on critical business services (52%) and ransomware (50%) as the most likely threats over the coming year, according to the report.