The PwC CFO Survey Series: Cybersecurity

PwC asked CFOs of large corporates in Belgium across a variety of sectors to weigh in on the effects of the crisis on the cybersecurity landscape and their cybersecurity strategies, plans and predictions for a post-COVID-19 world.

Download the full report

The PwC CFO Survey Series

The current economic crisis due to the COVID-19 pandemic is rippling throughout businesses across the globe. To gauge its impact on Belgian companies, we’ve launched the PwC CFO Survey Series, consisting of monthly surveys on the effects of the crisis on finance, operations, workforce, supply chains and more. 

Survey 2: Cybersecurity

The second edition of the CFO Survey Series delves into cybersecurity. PwC asked CFOs of large corporates in Belgium across a variety of sectors to weigh in on the effects of the crisis on the cybersecurity landscape and their cybersecurity strategies, plans and predictions for a post-COVID-19 world. 

For an overview of PwC Belgium’s cybersecurity and privacy services, please visit www.pwc.be/cyber.



What are your organisation's predictions in terms of revenue in the coming 6 months?


Revenue fall of more than 20%
%
Revenue will fall within 10% - 20%
%
Revenue to fall 10% of less
%
Stable of increased revenues
%
  • 76%

    of CFOs in Belgium say cybersecurity budgets are set to increase in the wake of the crisis

  • 48%

    of respondents cite ransomware for financial gain as their top cybersecurity concern

  • 66%

    of CFOs indicate an uptick in cyber attacks during the crisis

  • 76%

    of CFOs plan to increase cybersecurity awareness organisation-wide

CFO Survey Series barometer questions

Each edition of the PwC CFO Survey Series begins with two barometer questions to gauge CFOs’ predictions about the Belgian economy and company revenues over the course of the surveys. 

CFOs in Belgium expect an economic downturn, but only a slight decline in revenues

In the latest survey, most respondents (69%) said they expect Belgian economic growth to decline, with 17% predicting it will decline greatly. This is more optimistic than the results of CFO Survey 1: Financial Resilience, which was conducted the week of 8 June 2020. Respondents also predict a decrease in their company revenues of 10% or less in the coming six months, as indicated by 45%, while 28% expect revenues to remain stable or even increase. CFOs’ revenue projections are also slightly more optimistic than June’s financial barometer. 



Do you believe Belgian economic growth will improve, stay the same, or decline over the next 12 months?


Decline greatly
%
Decline moderately
%
Stay the same
%
Improve moderately
%
Improve greatly
%


How will your IT security budgets evolve over the coming period?


Significant increase
%
Slight increase
%
Decrease
%
Stay the same
%
Don't know
%

Cyberattacks during COVID-19 

Cybersecurity is especially relevant these days, as malicious actors are using the fear, uncertainty and doubt around COVID-19 to create their own epidemic of hacking attacks: in the early stages of the crisis, Google reported that every day it blocked more than 18 million malware and phishing emails related to COVID-19 * that try to persuade users to click malicious links, enter their credentials on fake websites, or download malware, often masquerading as government announcements, charity or a cure for the virus.

* cloud.google.com

Pandemic security spending and cyber crime incidents

The majority of survey respondents (62%) indicated that cybersecurity budgets will increase slightly as a result of the crisis. In relative terms, this reflects the allocation of a larger proportion of funds to cybersecurity than to other areas, as budgets are subject to significant cuts elsewhere. When asked if they perceived an uptick in cyberattacks since the onset of the pandemic, just 14% of CFOs in Belgium indicated a significant increase in malicious cyber activity within their organisations.

Ingvar Van Droogenbroeck, Partner in PwC Belgium’s Cyber & Privacy practice, explains: “While cybercrime overall was already on the rise before the COVID-19 crisis started making headlines, the trend of recent attacks to target individuals continues. With a significant portion of the workforce operating remotely, hackers see their odds improve and they are zeroing in on those remote workers. Cyber criminals are playing on people’s fear while leveraging the fact that online safety and security measures at home aren’t always bulletproof.”

Ingvar Van Droogenbroeck, Partner in PwC Belgium’s Cyber & Privacy practice

Top cyber threats to organisations

When asked to list the most significant cyber threats facing their companies, 48% of CFOs in Belgium cited ransomware for financial gain as their top concern. Other information theft (such as personal data) ranked second, according to 34% of respondents. Also in the top three perceived threats were other malware (including cryptomining) and denial of service attacks (both indicated by 31% of participants as a main concern).



What are the main cyber threats your organisation is facing?


Ransomware (for financial gain)
%
Other information theft (e.g. personal data)
%
Denial of service (of your website or other systems)
%
Other malware (incl. e.g. cryptomining)
%
Costs of incident response and remediation
%
Other disruption of services / operations
%
Espionage, intellectual property theft
%

Cybersecurity and remote working

Widespread teleworking during the pandemic has increased risk in several areas. Among survey respondents, 38% pointed to malware / intrusion prevention as their top security concern related to remote working.

The second most prevalent concern, according to 24% of CFOs, is the security of the virtual private network (VPN) and the virtual desktop infrastructure (VDI).



What is your main security concern related to remote working?


Security of VPN and virtual desktop infrastructure environment
%
Access rights of remote users (and procedures for granting / removing)
%
Monitoring of use of devices for file-sharing, video conferencing, collaborative work
%
Anti-malware and intrusion prevention (above regular anti-virus)
%
Compliance with policies for software updates, handling of (confidential) information at home
%
Compliance with control procedures (4-eyes review, cross checks)
%
Dependence on third parties and your control over them
%
Ability of your security team to remotely deal with incidents
%

Cybersecurity in a post-pandemic world 

When asked about the actions they plan to take in the coming months, 76% of respondents aim to increase cybersecurity awareness organisation-wide. Improving business continuity planning (45%) and endpoint security (34%) were also cited as priorities, along with improved system patching and vulnerability management (28%).

With regards to the cybersecurity budget, 76% of CFOs in Belgium foresee an increase in the near future. 

 

In the coming months

Over the long term



Which of the following actions will you take in the future?


Increase cybersecurity awareness
%
%
Improve end point security (beyond anti-virus protection)
%
%
Improve systems patching and vulnerability management
%
%
Improve IT estate visibility and monitoring (e.g. implement a SIEM/SOC solution)
%
%
Move on-premise IT infrastructure to cloud solutions
%
%
Increase use of outsourced security services
%
%
Tighten controls over third party suppliers
%
%
Improve incident response capabilities (e.g. prepare and rehearse playbooks)
%
%
Improve business continuity planning / management (incl. testing)
%
%

Contact us

Ingvar Van Droogenbroeck

Ingvar Van Droogenbroeck

Partner, PwC Belgium

Tel: +32 477 38 14 45

Connect with PwC Belgium