PwC: 72 percent of Central and Eastern Europe CEOs anticipate an increase in cybercrime in 2022

Nearly three quarters (72 percent) of CEOs in Central and Eastern Europe (CEE), including Romania, expect cybercrime to increase in 2022, as last year was one of the most challenging ever for cybersecurity, according to the CEE edition of the PwC 2022 Digital Trust Insights. Only 60 percent of CEOs in the Europe, Middle East and Africa region and globally expect an increase in cybercrime, with the difference being due to the maturity of cybersecurity ecosystems.

Although most CEE companies have increased investment in cybersecurity and data protection, only 20 percent of their CEOs report seeing any benefits so far. That raises the question of how future investments should be allocated to be effective.

“The report’s data shows that there is a high level of awareness that cybersecurity risks are on the rise. At the same time, organisations understand that there are growing challenges when it comes to gaining the trust of customers and other business partners that their data will be protected. Under those circumstances, investment in cybersecurity has increased, but, in the absence of a coherent strategy for technology adoption and implementation, the result has often been only increased complexity within organisations, with no visible benefit from the allocation of those funds. Unfortunately, high complexity amplifies cyber risks”, said Mircea Bozga, Partner Risk Assurance PwC Romania.

Thus, about half of the CEE respondents confirm that high organisational complexity creates cyber and privacy risks, with data governance (64 percent) and cloud (63 percent) ranking highest in this respect. The percentage is higher globally, with almost three quarters of respondents indicating that high organisational complexity creates security and privacy risks.

Risky organisational habits include using multiple technology solutions that don’t work together and failing to follow data management or risk management processes with third parties.

Without focused attention on simplifying cyber ecosystems, organisations can become vulnerable, with a potential ripple effect of consequences throughout an organization’s operations.

“When we talk about simplifying cybersecurity, adopting multiple technology solutions is only part of the answer. However, a unified strategy is needed, with technology, processes, teams and management aligned across the whole organisation with business objectives to strengthen resilience to any type of disruption”, said Robert Girdoc, Senior Manager Risk Assurance PwC Romania.

CEE CEOs perceive the main consequence of cyber complexity to be a lack of operational resilience or inability to recover from a cyberattack or technological failure. That is followed by concerns regarding an inability to retain talent and the potential for financial losses from security breaches and cyberattacks.

When asked where they would focus their spending to simplify cybersecurity, CEE respondents said that they would focus more on streamlining technology and restructuring security teams, followed by introducing process-level controls and reducing the use of outdated technologies.