Cloud security top risk to enterprises in 2023, says study

Cloud-related risks are top of the cyber security agenda for senior executives in the UK, according to a PwC study, with 39% expecting such risks to “significantly affect” their organisation in the coming months, more so than other forms of cyber risk emanating from other sources, such as physical endpoints, web applications, or software supply chains.

Moving into the second month of the year, the findings from PwC’s Global digital trust insights survey, which polled thousands of decision-makers globally in the summer of 2022, anticipate a clear spike in attacks against cloud management interfaces in particular, cited by 33% of UK respondents as a potential problem.

To a lesser degree, organisational leadership is also concerned about business email compromise (BEC) and so-called “hack and leak” attacks, cited by 27%.

Meanwhile, 24% expect ransomware attacks to significantly increase, and 20% are worried that attacks on the industrial internet of things (IIoT) and operational technology (OT) assets will rise significantly.

“In part, the increase in cloud-based threats is a result of some of the potential cyber risks associated with digital transformation,” said Richard Horne, PwC cyber security chair.

“An overwhelming majority (90%) of UK senior executives in our survey ranked the ‘increased exposure to cyber risk due to accelerating digital transformation’ as the biggest cyber security challenge their organisation has experienced since 2020.

“However, these digital transformation efforts – which include initiatives such as migration to cloud, moving to ecommerce and digital service delivery methods, the use of digital currencies and the convergence of IT and operational technology – are critical to future-proofing businesses, unlocking value and creating sustainable growth.”

Indeed, about two-thirds of UK respondents told PwC they had not yet fully mitigated the risks associated with digital transformation, in spite of the potential cost, and reputational damage, of an incident – 27% of global chief financial officers who took part said they had experienced an incident in the past three years that had cost over $1m.

On a brighter note, there does seem to be plenty of money available to help, which runs contrary to forecasts from analysts at Forrester, who predicted a 3.6% decline in general IT spending this year as organisations face a budget shortfall. Cyber security seems relatively unaffected by PwC’s metrics, with 59% of UK respondents saying they expect their security budgets to increase.