Cyber security a growing concern for UK businesses, says PwC survey

PwC building | PwC UK launches tax AI assistant with Harvey and OpenAI

Almost two thirds (66 percent) of UK business leaders expect the threat from cyber criminals to increase over the next 12 months, according to the latest PwC cyber security survey of business and technology executives.  

 Over the past year, several prominent ransomware attacks have caused a significant impact on organisations, with the added threat of ‘ransomware as a service’ in which ransomware developers lease out their malware in exchange for a share of the criminal profits. PwC’s research finds that 61 percent of UK respondents expect to see an increase in reportable ransomware incidents in 2022.  

Expectations of an increase in ransomware attacks reflects UK businesses’ concern about a broader increase over the next 12 months in cyber threats, including business email compromise (61 percent) and malware via software updates (63 percent). 

Moreover, the increased complexity of some organisations’ operations due to growth, mergers and acquisitions, or the rapid adoption of new technologies has made them more difficult to properly secure. 86 percent of UK respondents said that complexity in their organisation creates concerning levels of risk. This concern is primarily caused by a network of multi-vendor environments. Notably, 64 percent of UK respondents expect an increase in attacks on their cloud services over the next year, however only 41 percent profess to understand cloud risks based on formal assessments.  

 Almost two-thirds of UK organisations (63 percent) are increasing their cyber security budgets over the coming year, compared to 56 percent in last year’s survey. Furthermore, nearly a quarter of organisations (24 percent) plan to increase their cyber security spend by 10 percent or more.  

Richard Horne, cyber security chair at PwC UK, said: “Even when their own cyber defences are solid, organisations can be vulnerable to an attack through their suppliers. A sophisticated cybercriminal will always search for the weakest link. It is essential for business leaders to fully understand and manage their organisation’s web of third-party relationships. However, our research shows that fewer than half of UK respondents say they have responded to the escalating threats that complex business ecosystems pose. 

“As cyber security budgets increase, organisations are faced with the challenge of ensuring they get the best return on their investment. Our research found that few organisations are confident they are reaping the rewards from increased spending. For example, while 37 percent of UK respondents said they had implemented cloud security at scale, just 18 percent are fully realising the benefits of their investment. The remainder either weren’t investing in this area or hadn’t yet implemented it at scale. 

“To overcome this challenge and build greater confidence in their security investments, organisations must improve their cyber risk modelling and analysis. This ensures increases in cyber budgets are allocated to priority risks and help build long-term resilience.”