Nearly three-quarters (72%) of CEOs in Central and Eastern Europe (CEE), including Romania, expect cybercrime to increase in 2022, as last year was one of the most challenging ever for cybersecurity, according to the CEE edition of the PwC 2022 Digital Trust Insights. Only 60% of CEOs in Europe, the Middle East, and Africa region and globally expect an increase in cybercrime, with the difference being due to the maturity of cybersecurity ecosystems.
Although most CEE companies have increased investment in cybersecurity and data protection, only 20% of their CEOs report seeing any benefits so far. That raises the question of how future investments should be allocated to be effective.
“The report’s data shows that there is a high level of awareness that cybersecurity risks are on the rise. At the same time, organizations understand that there are growing challenges when it comes to gaining the trust of customers and other business partners that their data will be protected. Under those circumstances, investment in cybersecurity has increased, but, in the absence of a coherent strategy for technology adoption and implementation, the result has often been only increased complexity within organizations, with no visible benefit from the allocation of those funds. Unfortunately, high complexity amplifies cyber risks”, said Mircea Bozga, Partner Risk Assurance PwC Romania.
Thus, about half of the CEE respondents confirm that high organizational complexity creates cyber and privacy risks, with data governance (64%) and cloud (63%) ranking highest in this respect. The percentage is higher globally, with almost three-quarters of respondents indicating that high organizational complexity creates security and privacy risks.
Risky organizational habits include using multiple technology solutions that don’t work together and failing to follow data management or risk management processes with third parties.
Without focused attention on simplifying cyber ecosystems, organizations can become vulnerable, with a potential ripple effect of consequences throughout an organization’s operations.
“When we talk about simplifying cybersecurity, adopting multiple technology solutions is only part of the answer. However, a unified strategy is needed, with technology, processes, teams, and management aligned across the whole organization with business objectives to strengthen resilience to any type of disruption”, said Robert Girdoc, Senior Manager Risk Assurance PwC Romania.
CEE CEOs perceive the main consequence of cyber complexity to be a lack of operational resilience or inability to recover from a cyberattack or technological failure. That is followed by concerns regarding an inability to retain talent and the potential for financial losses from security breaches and cyberattacks.
When asked where they would focus their spending to simplify cybersecurity, CEE respondents said that they would focus more on streamlining technology and restructuring security teams, followed by introducing process-level controls and reducing the use of outdated technologies.