PwC survey finds with growing cybersecurity threats, businesses need to build trusted brands in the cloud

62% of organisations in Mainland China and Hong Kong anticipate an increase in cyber-crime in 2022 due to attacks on cloud services.

In an age of digital transformation, ever more sophisticated attackers are plumbing the dark corners of systems and networks, seeking and finding vulnerabilities. The consequences of an attack rise as systems’ interdependencies grow more and more complex. Critical cloud infrastructure is especially vulnerable. And yet, many cloud security breaches are still preventable with sound cyber practices and strong controls.

In a period of growing complexity in the business world, CEOs need to modify operating models when the security team identifies bad habits in order to make the company “simply secure”. For example, in the name of speed, a “get to market first, fix security later” mindset prevails. Companies aren’t fully mitigating remote work risks. Business units often buy technologies and contract with third parties autonomously. Cybersecurity is too often an afterthought in cloud adoption or transformation.

Most cloud-related cyber incidents are due to potential misconfigurations, ineffective patch management and leaked credentials. These enable threat actors to perform attacks such as password spraying and exploitation of known vulnerabilities to compromise otherwise secure cloud platforms. Potential impacts range from ransomware and sensitive data exfiltration to unintended excessive resource usage for cryptomining.

Kok Tin Gan, PwC Hong Kong Cybersecurity and Privacy Partner, said: “CEOs in Mainland China and Hong Kong tend to be more concerned about cyber and privacy risks arising from complexities in the cloud environment, governance of tech projects, and multi-vendor environments including cloud, technology solutions and technology interoperability. Moving to the cloud can help simplify business processes and IT architecture, provide flexibility and accelerate innovation. Done right, cloud transformations can be secure, efficient and successful. Organisations must step up to build trust in their data - making sure it is accurate, verified and secure, so that customers and other stakeholders can trust that their information will be protected in the cloud”. 

However, organisations using the cloud to simplify, minimise and combine their tech stack and processes may feel like a bold move. Doing so requires asking hard questions and maintaining a keep-it-simple mindset. To get there, organisations will need security-minded leadership starting at the very top. 

PwC 2022 Global Digital Trust Insights Survey shows organisations in Mainland China and Hong Kong (82%) predicted a rise in cyber spending in 2022. Among the respondents, 62% expect an increase in reportable incidents of cyber-crime in 2022 from attacks on cloud services. With a growing threat to cybersecurity, businesses need to step up and build a trusted brand in the cloud. Most realise benefits from implementation by prioritising investments in cloud security (23%).

Cloud security is the top investment priority of respondents in Mainland China and Hong Kong. This is encouraging — but only 23% report realising benefits from these investments. Forty percent have implemented cloud security at scale but haven’t fully benefited from cloud security investments; and 38% are just starting or planning theirs.

Felix Kan, PwC Hong Kong Cybersecurity and Privacy Partner, concluded: “The most advanced organisations see cybersecurity as more than defense and controls, but as a means to drive sustained business outcomes and build trust with their customers by shift left security, compliance and building auto-healing platform during cloud migration. As leaders of organisations, CEOs set the tone for their cyber teams to focus on bigger-picture, growth-related objectives, rather than narrower, short-term expectations. Companies may be overlooking the riskiest cyber threats of all. By placing cloud security front-row-center, you can avoid the unnecessary and costly complexities you may see when it’s an afterthought. At PwC, we aim to make cybersecurity easier for businesses and our services accessible to everyone – not only large corporations.”