Cyber security investments 2021

Cyber Security
Investments
C-Suites Perspective 2021
Tackling Cyber Security In The New Reality

Bringing Together
Visionary Leaders of The World

Contents
01 Introduction
02 Overview
04 Survey Demographics
05 COVID-19 Cyber Security Statistics
06
Pre- Post-COVID-19
Cyber Security Comparison
08 Cyber Security As A Business Strategy
09 Trend #1 - Cyber Security Strategy
1 1 Trend #2 - Cloud Security
12 Securing Endpoints
13 Trend #3 - Data Security Privacy
15 Trend #4 - Employee Awareness
16 Humanity in Cyber Security
18 Cyber Security Cases During COVID-19
19 Future Trends In Cyber Security
20 Upcoming Cyber Security Events

Introduction
The data in this report was compiled from personal
interviews with visionary C-level executives and key decision
makers attending our cyber security events, and from our
trend surveys that are sent out annually to C-suites, top
business leaders, and senior management from leading
organizations.
At Management Events, our passion is to create momentous
encounters and inspirational experiences in a world-class
professional setting. We connect top decision makers
and innovative solution providers through our specially
tailored events, and inspire them with great speakers from
the biggest organizations in their respective industry.
Our exclusive invitation-only event concept ensures industry
leaders high-level peer-to-peer networking opportunities
and have pre-booked meetings with potential business
partners to fast track their development projects and
business growth. Our event participants are
technology-driven leaders of the largest companies in
Europe.
Annually, our 180+ business events bring together
20,000 leaders and 2,500 solution providers in 9
markets across Europe, generating business opportunities
through 110,000 face-to-face meetings. To identify the
investments, focus areas and projects of the top decision
makers, we conduct 35,000 interviews and receive over
10,000 online survey responses each year.
Thank you for downloading the trend report, Tackling Cyber Security In The New Reality,
from Management Events.
1
M AT C H M A K I N G , S M I L E M A K I N G , I C E B R E A K I N G
page .
Content owned by Management Events. All rights reserved.

While some organizations are still implementing
work-from-home, others are returning to the offices after
weeks of lockdown. However, no matter where
businesses are operating from, the fact remains that
cyber attacks are a prevalent threat and that cyber
criminals will continue to evolve, launching new and
cleverer attacks.
In fact, the World Health Organization (WHO) reported
a fivefold increase in cyber attacks back in April 2020 while
Interpol announced a shift of targets from individuals and
small businesses to major corporations and government
entities. The threat is even more worrying as businesses
move part of their processes online, and adopt more
digital sales and customer service platforms.
To uncover how C-suites are planning to upgrade their
cyber security efforts, we interviewed 1,128 top executives,
including CISOs, CTOs and CIOs, from 893 leading
companies across Europe, of which over 50% named
cyber security as a top investment. Compared to 2019,
their cyber security trends show a difference in priorities,
with cloud security taking precedence over data security
and the rising importance of employee awareness.
We also surveyed more than 1,100 business leaders in our
latest Executive Trend Survey to compare pre- and post-
pandemic cyber security trends, and discover their key focus
areas in building resilience against cyber attacks.
Read on to learn how top-level executives are maximizing
cyber security strategies, such as cloud security and
data privacy, and integrating cyber defense and training
solutions into their organizations.
Overview
2
page .

“Cybersecurity is an opportunity, and
if it is driven strategically then it can
become a big potent weapon foryou,
foryour business.”
Head of Cyber Security Practice at Infosys
3
page .

Demographics
1128
Business Leaders
893
Top Companies
45%
21%
34%

CISO / CIO / CTO / Top
Executives

Senior Security Officers IT
Executives

Middle Operational
Management
Industries surveyed include:
IT Services
and Consultancy
Manufacturing
Healthcare Services
and Life Sciences
Energy and Utilities
Banking, Insurance
and Financial Services
Public Sector
and Services
4
page .

Cyber Security
COVID-19 Statistics
Since the outbreak:
The rate of
cyber attacks
increased to
4,000 a day1
.
46% of global
businesses have
faced at least one
cyber threat1
.
Banks saw a
238% rise in
attacks2
.
Phishing attempts
is up 600%2
.
170,387 coronavirus-related
emails were sent in a single day3
.
583 of the emails contained
an infected attachment3
.
COVID-19-related cyber crime
landscape included:
1 COVID-19 Cyber Security Statistics. Performance Improvement Partners, 2020.
2 The 2020 Cybersecurity stats you need to know. Fintech News, 2020.
Average cost of data breach in
2020 is $5.85 million1
.
Global security market
is currently worth $173 billion4
.
Online scams and phishing Data harvesting malware
Ransomware and DDoS Malicious domains
3 COVID-19: Cyber Threat Analysis. UNODC, 2020.
4 2020 Roundup Of Cybersecurity Forecasts And Market Estimates. Forbes, 2020.
5
page .

Pre- Post-COVID-19
Cyber Security Comparisons
Key finding:
Cyber security fell to second place in 2021 top tech priority compared to survey results in 2019, which
placed cyber security as the topmost future tech adoption.
in
2019
in
2020
69% of C-suites have integrated cyber security into their
organizations.
38% expected cyber security to be scaling within their organizations
in 3 years.
Cyber security was the topmost future tech priority for 84% of
business leaders.
Majority of surveyed executives set aside an annual budget of less
than €50,000 for cybersecurity.
45% of CISOs were making efforts to increase employee cyber
security awareness in their organization.
76% of C-suites have integrated cyber security into their
organizations.
63% expect cyber security to be scaling within their organizations in
3 years.
Cyber security is the second top 2021 tech priority for 45% of
business leaders.
Majority of surveyed executives are planning to spend €50,000 to
€100,000 on cyber security, despite the tech falling in priority.
94% of CISOs see cyber security awareness training as a top priority
in their organization.
6
page .

“A proactive approach to
cybersecuritywill greatly improve
the overall maturity and resiliency of
an organization.”
CTO of CrowdStrike
7
page .

Cyber Security
Cyber Security As A Business Strategy
Key finding:
Cyber security is a leading investment for 64% of interviewed business leaders.
The coronavirus was dubbed as the largest-ever global
security threat with COVID-19-related cyber attacks
targeting small and big corporations alike, not to
mention government agencies.
As companies feel the pressure, and massive risks, of
potential cyber threats, top executives are increasing
their efforts in protecting their digital assets and
identifying security gaps within their systems and
organization. Thus, a robust cyber security strategy
is vital for 61% of C-suites who are concentrating on
strengthening security measures.
The shift to remote working, digital tools and online
services are also concerns faced by CISOs and their
C-level counterparts, which is why 51% of them are
still focusing on enhancing their cloud security
to mitigate risks, such as malware infections and
data leaks.
Data breaches were rampant throughout the
pandemic with over 470 incidents recorded between
March and June 2020. To protect their company and
client data, 48% of top executives are looking to data
security and privacy solutions to prevent data leaks
and losses.
However, implementing technology won’t be enough
if staff are not trained in security solutions and threat
awareness, thus employee awareness training is
also a top priority among both the surveyed and
interviewed business executives.
Cyber Security Focus Areas
60%
51%
48%
Cyber Security Strategy
Cloud Security
Data Security Privacy
8
page .

Cyber Security
Establishing A Resilient Security Framework
From planning a cyber defense center to tightening
the security of endpoints, we discovered multiple
solutions that C-suites are looking to implement as
part of their cyber security strategy. Cyber security
in connection with artificial intelligence (AI),
in particular, were frequently mentioned by the
executives.
AI applications are currently being used by
organizations to sort through security data, decrease
false alarms, notify unusual incidents, and offer
additional security layers. For example, Gmail uses
machine learning to block 100 million daily spam
messages while Apple is known for its Face ID, which
applies AI for biometric authentication to hinder
security breaches.
The interviewed executives are interested in the
direction of AI and threat intelligence, including
utilizing AI to:
• Reduce the time span of discovering risks
• Analyze, document and report incidents
• Improve detection of errors and threats
• Automate security operations
• Recover from hackings and attacks
While some business leaders have specific cyber
security areas that they want to focus on, others
mentioned they are looking broadly to lift their
overall security level and setting up new security
policies within the organization. They voiced
interest in what leaders are doing in the cyber
security field and in the latest innovations that will
help with their security efforts.
Based on the personal interviews,
other focus areas include:
A centralized security center
Internal control and follow-up of risks
Intrusion detection solution
Zero-trust security
Cyber security on ships
Best practices of patch management
Renewal of firewall and network architecture

Upgrading legacy platforms with better
security and modern solutions
Key finding:

60% of business executives are focusing on the development of stronger cyber
security strategies.
9
page .

Our exclusive invitation-only event concept provides a great opportunity for us to
interview the top decision makers and thought leaders on the current topics and
issues in today’s business landscape.
To identify the investments, focus areas and projects of the top decision
makers from the biggest organizations in the industries, we conduct over 35,000
personal interviews with invest-ready C-level executives who attend our events.
And you can network with these C-suites from leading organizations as well as
meet with innovative solution providers at our upcoming cyber security events.
From Data To Insights
10
page .

Cyber Security
Cloud Readiness For A Secure
And Remote Workforce
Key finding:

Despite the maturity of cyber security architecture among the interviewed
organizations, cloud security remains a heavy investment on C-suites’ portfolio.
According to McAfee, remote attacks on cloud service
targets rose by 630% during the pandemic, with
healthcare being the second most targeted industry.
The report also stated that enterprise cloud use
from unmanaged devices doubled amid the crisis,
expanding the threat landscape.
With such worrying issues, business leaders are
amping cloud security efforts, such as keeping a
controlled environment with outsourced suppliers
and coordinating multiple cloud vendors.
One of the most raised topics in the interviews is
strengthening identity and access management
(IAM). With employees still working remotely,
organizations may have compromised their network
security to allow off-site access to their staff.
A few key areas that were mentioned are enabling
continuity of cloud database access to their remote
workforce, adopting identity authentication, and
decreasing risks of identity theft.
Cloud compliance is another key concern, whereby
businesses need to be compliant with numerous
global regulations. Moving data to the cloud can
expose compliance gaps, which bring hefty penalties
and reputational damage to the organization if a
breach should occur.
Some core cloud compliance issues that interviewees
named are:
Compliance management
Updates of laws and regulations
Automation of compliance

Governance control for multiple solutions and
IT administrators
Many of the interviewed organizations also mentioned
that they are using Microsoft Azure. A few focus areas
that were highlighted are securing a hybrid of Azure
and a hosted private cloud, and ensuring that all
cloud security solutions comply with Azure.
For some organizations, cloud security is a new area.
They expressed interest in knowing the security risks
of using cloud and the best way to transition to a
cloud workplace, including keeping cloud applications
secure but easily available.
11
page .

Securing Endpoints
The Importance of Endpoint Security How It Works
Quite a number of interviewees mentioned endpoint security in
the personal interviews, citing it as a big threat and expressing
high interest in seeking solutions. But what is endpoint security
and why is it important?
Endpoint security is securing entry points or end-user devices,
such as laptops, printers and mobile devices, from viruses,
malware, and other malicious attacks. Any device connected to
a network is considered an endpoint. The objective is to protect
each device so the network remains secure.
Endpoint security is important for your business because:

Threats coming in through unsecured endpoints are on the
rise

The increase of remote work and bring-your-own-device
(BYOD) expose endpoint vulnerabilities

Hackers may use endpoints to access or steal data, which
puts your organization at risk

Other attacks include distributed denial of service (DDoS)
and ransomware
How endpoint protection works:

System administrators set up endpoint protection
platforms (EPP) or security software, such as antivirus
programs, data encryption, firewalls and filters

The technologies detect and prevent threats at the
endpoint by examining files and data as they enter the
network

Endpoint security software also uses encryption and
application control to secure devices that are accessing
the network
68% of firms had endpoint attacks in 20191
80% of the attacks were new or unknown1
$9m is the average cost per endpoint breach1
1
68% of organizations were victims of endpoint attacks in 2019.
Help Net Security, 2020.
12
page .

Data Security Privacy
Mitigating Risks And Building Trust
According to personal interviews, cyber security
strategies and cloud security take precedence over
data protection. However, this doesn’t indicate that
data security is secondary as respondents showed high
interest in the latest developments of safeguarding
important business information.
With large-scale data breaches increasing 273% in the
first quarter of 2020, businesses are becoming more
aware of the cost, both time and money, involved
in recovering from such an incident. Remote work is
also contributing to potential data security threats
as employees download or install unauthorized apps
and software that might have security gaps.
One topic that frequently came up is GDPR and data
protection compliance. For instance, one interviewee
asked about adjustments of data regulations
when accessing and securing large amounts of
data from a home office while others mentioned
that they have overlooked GDPR and are interested
in knowing how to comply with future legislations.
Top executives from specific industries, on the
other hand, are looking for more targeted data
security solutions. For example, a respondent
stated that the organization is working
together with the government, businesses and
universities, and is keen on finding a solution to
secure all the data and collaborate with the
involved parties.
Other areas that were mentioned during the interviews include:

Securing data during telecommunications where private
information are shared during the calls

Protecting data while working with multiple outsourced
providers

Ensuring data safety while providing access to private
information

Classifying data and related compliance measures

Simplifying administration in regards to GDPR and
compliance management

Using open data and its compliance with new GDPR
security standards
Key finding:
Almost 50% of interviewed business executives place data security and privacy as
a top priority in their organization.
13
page .

“Educating and partnering with
people is critical to the overall security
program of any company.”
CISO of OSI Group
14
page .

Employee Awareness
Adopting Good Cyber Security Behaviors
Shocking finding:
93% of surveyed C-suites agree that cyber security awareness training for their
employees is a top priority, but less than 30% are investing in cyber security software
for their remote workforce.
The weakest cyber security link in most
organizations is often the employees.
From falling prey to phishing attacks
to unsecure browsing habits, staff are
not always aware of the best IT security
practices or that they unwittingly
gave unauthorized access. This is why
organizations are strongly investing in
training and testing their employees on
cyber security awareness.
However, a concern that was voiced out by
the interviewed executives is the approach
of cyber security to a diversified and
dispersed workforce. The issue doesn’t
only involve employees working from
home, but also non-employees and users
that are using the systems. The question
they seek to answer is how to build cyber
security awareness into a culture that is
targeted to different groups.
The interviewees also mentioned
continuously educating users and
making them aware of new attacks as a
core interest. With cyber criminals evolving
with every new tech, organizations need
their employees to be updated with the
latest threat developments.
Some are conducting employee awareness
training through tests and e-learning
platforms, but they are wanting more
innovative solutions to not only create
awareness, but also in threat prevention
and detection.
Other organizations, on the other hand,
are on the lookout for contingency
planning or roadmap in the case that
they are hacked or attacked.
95%
25%
of cyber security
breaches are due to
human error1
of remote employees
are unaware of their
device’s security
protocols2
1
15 Alarming Cyber Security Facts and Stats. Cybint, 2020.
2
Increasing Cybersecurity Gaps and Vulnerabilities due to Remote Work During COVID-19. Security Magazine, 2020.
15
page .

Humanity In Cyber Security
Employees may be considered as the weakest link in cyber
security, but they still play a crucial part in the battle against
cyber attacks.
Employee Responsibility
Human error is the cause of 90% of data breaches. But because
the threats are from the actions of employees, they can also
be trained to prevent risks and improve security on their end.
This is why strong company policies and training programs are
important in empowering employees to understand the threat
landscape and network vulnerabilities.
The Human Touch
The modern AI is able to identify and defend against cyber
risks, but ultimately, employees are still needed to verify the
results of cyber security efforts. In fact, according to WhiteHat
Security, majority of organizations are more confident in having
the human element to play a significant role in security defense
with AI tools being used to take over low-level security tasks and
meticulous checks.
Humans Plus AI
However, one of the best cyber security strategies is the
combination of AI and human intelligence, where machines are
used to wade through tedious, large-scale work while humans
find vulnerabilities that require business logic. With millions of
global cyber security positions expecting to go unfulfilled by
2021, employing AI and machine learning can help to close the
increasing talent gap.
Cyber criminals will always target those who are unaware of cyber
threats, but proper training can help greatly in staff detection
and prevention of security breaches while AI and security tools
add to the effective reduction of attacks.w
16
page .

Want more insights
on cyber security?
Read our articles on emerging business trends in cyber protection and security:
find out more find out more find out more
17
page .

Future Trends In
Cyber Security
In our latest Executive Trend Survey, we
asked top executives across Europe on
their opinion of various cyber security
statements. Agreement was particularly
high on the use of predictive and
behavioral detection against cyber
attacks. This is due to rising technologies
that have the ability to see patterns of
behavior and are able to identify and fight
back against an attack, such as machine
learning.
On the other hand, respondents are
divided on geopolitical issues hindering
cyber security regulations and in the
incorporation of zero-trust principles.
While majority are in agreement with the
two statements, the rest seem to adopt a
wait-and-see approach.
In terms of zero-trust principles, some
C-suites that were personally interviewed
expressed interest in implementing the
concept within their business. Projected to
grow to $38.6 billion in market size by 2024,
zero-trust security is gaining traction in the
business world, and seen as a centralized
approach to cyber security. However, no
model is without its challenges, and CISOs
will face new complications in shifting their
organizations to a zero-trust architecture.
Rising Cyber Security Topics
Strongly Agree
Agree
Disagree
Strongly Disagree
Predictive and behavioral detection will be
the core focus for organizations against
cyber attacks.
Continued geopolitical issues will hinder
higher regulatory standards of cyber security.
Post-COVID-19 will see organizations
incorporating zero-trust principles for a
more effective security.
36%
40%
13%
7%
2%
48%
1%
10%
8%
1%
18
page .

Cyber Security Cases
During COVID-19
Based on our survey and personal interviews with CISOs, CTOs, CIOs, and other top executives,
it is clear that cyber security is high on their list of technology investments to prevent incidents
that threaten their organization and digital assets, such as the cyber security cases below.
WHO
March 2020
The World Health Organization
reported numerous hacking attempts
on their systems and staff email accounts.
TWITTER
July 2020
A highly-publicized attack, a hacker took
control of several public figures’
Twitter accounts for a Bitcoin scam.
Italy’s INPS
April 2020
The Italian department of social security
and welfare went offline after an
apparent cyber attack.
GARMIN
July 2020
Garmin’s wearables, apps, website
and call centers were offline after
a ransomware attack on July 23.
HONDA
June 2020
A cyber attack took place on the
Honda network, affecting access to
computer servers, emails and internal systems.
CANON
July 2020
Canon also suffered a ransomware
attack that caused an outage on
their storage service and other services.
19
page .

Meet With Top CISOs More
At Our Cyber Security Events
600MINUTES INFORMATION
AND CYBER SECURITY
11 November 2020 | Denmark
DACH STRATEGYFORUM CYBER
AND INFORMATION SECURITY
9 - 10 March 2021 | Germany
AND CYBER SECURITY
2 June 2021 | Denmark
AND CYBER SECURITY
24 - 25 November 2020 | Sweden
600MINUTES
CYBER SECURITY BELGIUM
9 March 2021 | Belgium
AND CYBER SECURITY
5 May 2021 | Finland
AND CYBER SECURITY
16 - 17 November 2021 | Sweden
Connect with top decision makers and innovative solution providers from the biggest organizations in the industries, and position your
business for long-term growth. All events are virtual unless otherwise stated.
Join Join Join
Join Join Join
Join
* All event dates are correct at time of publishing, but may be subject to change without notice.
20
page .

Enjoyed the report? Share it with your network!
managementevents.com

Cyber security investments 2021

More Related Content

What's hot

Similar to Cyber security investments 2021

Recently uploaded

Cyber security investments 2021