Tech executives consider business email compromise (BEC), ransomware and attacks on cloud management interfaces as the threats most likely to increase from this year to the next, and singled out mobile, email and cloud as the main attack vectors for 2023, according to PwC.
The consulting giant polled 3522 business, tech and security execs to compile its 2023 Global Digital Trust Insights report. Over half hailed from companies with over $1bn in revenue, and 16% from firms with $10bn or more.
The majority (70%) of tech and business executives have seen improvements in their cybersecurity this year, but fewer than 40% have fully mitigated emerging risks.
Most respondents claimed progress on several fronts, notably in operational technology (OT) security (79%), ransomware defenses (77%), security by design, and increasing the efficiency of cyber resources (both 75%).
However, less than 3% believe they have fully mitigated cyber risk related to all initiatives outlined in the report – which range from hybrid work and cloud adoption to IT–OT convergence and supply chain digitization.
Larger organizations are significantly more likely to be affected by risks related to the software supply chain, cloud-based pathways and operational technology, the report claimed.
The report also highlighted several serious concerns among those global organizations polled, namely:
- Just a fifth (19%) of respondents are fully confident they have taken steps to secure against the top four causes of cloud breaches
- 56% of chief operating (COO) and chief risk officers (CROs) are extremely or very concerned about their company’s ability to withstand supply chain attacks
- Less than half (46%) of COO/CROs have controls in place to mitigate serious cyber-related disruption
- Over half (54%) of CIOs/CISOs say security staff attrition is a problem
Given the average size of most of the organizations polled and the wealth of resources at their disposal, such concerns may be amplified even further among their smaller counterparts.