Cyber resilience is a boardroom priority: Putting security at the epicentre of innovation

Business transformation is one thing. Cyber transformation is not another.

They are the same. Cyber tops the risk register in most companies and on many executive surveys. But is it a staple topic in CEE businesses’ boardrooms? Are companies informed enough on cyber risks and controls — and also on how major strategic initiatives are furthering business and revenue growth?

Almost 60% of companies in the CEE region plan to increase their cybersecurity budget. Though there are regional differences in numbers, a significant shift in the minds of the C-suite worldwide towards cyber is undeniable.

Peter Durojaiye, Partner, Cybersecurity & Privacy Leader, PwC CEE

Security underpins everything an organisation does: finance, development, personnel, technology and other areas of the business. Cybersecurity could spur innovations that save money and help businesses grow. This is the raison d’etre of cyber. And this is why businesses have to welcome cyber into the boardroom.

On 12 December we held a CEE Webcast: Cyber resilience is a boardroom priority: Putting security at the epicentre of innovation.

We gathered business leaders from across CEE to discuss the current state of cyber threats in our region, strategic budget allocation, navigating evolving cyber regulations, emerging tech and much more.

During the webcast Peter Durojaiye, Partner and Cybersecurity & Privacy Leader for PwC in Central and Eastern Europe, presented the CEE findings from our 2024 Global Digital Trust Insights report. The webcast uncovered drivers of increased boardroom commitment to investing in cyber — and took a deep dive into diverse aspects of the cybersecurity landscape in CEE. The panel shared their insights on cloud adoption, the regulatory environment, trends towards integrated tech platforms, the use of AI for cyber defence and much more.

Missed the event? Watch the recording above.

Many thanks to our speakers and panellists:

Martin Štefík, Commercial Finance Director, Microsoft, CEE, Middle East & Africa
Pavel Hejduk, CISO, ČEZ, Czech Republic
Łukasz Ślęzak, CSO, Bank Millennium, Poland
Bogdan Costea, Lead Information Security, ING Bank, Romania
Michal Kielczyk, CISO, Polpharma, Poland
Petr Špiřík, Partner, PwC, CEE

If you would like to continue the conversation on this topic

please sign up for a virtual coffee with PwC Partner/Director.

Sign up

CEE findings from the 2024 Global Digital Trust Insights Survey: client voices

Cyber budgets up
A regulatory environment of increased costs but greater perceived benefits
Balancing the talent shortage with managed services
Simplification and modernisation — a trend towards integrated tech “platforms”
Cloud, cloud, cloud — and ecosystem security…
Putting cybersecurity at the epicentre of innovation

Cyber budgets up

Cybersecurity is now a board-level imperative. Globally, 79% of the 3,876 business, technology and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs and C-Suite officers) we surveyed say they’ll increase their cyber expenditures in 2024 (up from 64% last year), especially large organisations with revenues of $5 billion or more. While this pattern is even more marked in Western Europe, we see a similar and growing trend in CEE.

As an energy company, security is part of our DNA, not just for board members but for all employees. Cybersecurity is something fairly new but it is an agenda board members understand, and although there is obviously still work to be done, the awareness is there. We try to integrate security requirements into business goals, so we don’t need a separate budget.

Pavel Hejduk, CISO, ČEZ, Czech Republic

A regulatory environment of increased costs but greater perceived benefits

The majority of CEE companies expect increased compliance costs . CEE-EU countries generally have a greater regulatory load, with the NIS2 Cybersecurity Directive, the Digital Operational Resilience Act (DORA), the Cyber Resilience Act and other requirements driving an increased level of transparency of incidents and cyber practices, requiring broader attention.

Respondents in our region report that four types of regulation will most help secure an organisation’s future growth. Over two-thirds (37%) say mandatory reporting of cyber risk management, 34% identify operational resilience and almost 30% point to Gen AI as well as harmonisation of cyber security and data protection rules. NIS2, DORA and Cyber Resilience Act and other requirements are driving an increased level of transparency and cyber practices, which require broader attention at boardroom level.

From discussions with clients and others, the overarching sentiment I’m hearing is that we are over-regulated. However, security leaders are increasingly seeing regulation as an opportunity to do the right thing and use regulation as a tool, and it is important that the regulation increases the accountability of board members. Regulations aren’t loved — but I think that everyone is coming to terms with them and how to use them for good.

Petr Špiřík, Partner, PwC CEE, Czech Republic

Balancing the talent shortage with managed services

In СEE, 65% of respondents focus on retaining key talent and upskilling the current workforce fast enough to keep up with the demands of their organisations. Another 40% look to tackle the balance between in-house and co-managed or outsourced managed security services. Almost half look to shift to managed services in new areas.

It’s a tough market. In our case, we hired juniors and trained them. This involves exposing them not just to security, but to show the value of their work. Not just working with their peers in tech, but with the business, to give a sense of purpose. We have found that people leave for the next challenge and that it isn’t always about money, it is about perks and the work environment too.

Bogdan Costea, Lead Information Security, ING Bank, Romania

Our research shows that some companies are using managed services to reduce costs, but some are using them to tackle talent shortages. We find that higher-performing organisations look to use managed services to gain business advantage rather than for body shopping or to reduce costs.

Petr Špiřík, Partner, PwC CEE, Czech Republic

Simplification and modernisation — a trend towards integrated tech “platforms”

In CEE, 34% of responses report using an integrated suite of cyber tech solutions already, and a further 34% plan to move to one in the next two years.

The organisational mindset has one conclusion — that the integration of systems might be a nightmare. Avoiding problems with integration is key — because this is ultimately a problem for customers in the end.

Michal Kielczyk, CISO, Polpharma, Poland

At Microsoft, we see security as one of the key pillars of our success. We see the demand for integrated, end-to-end solutions.

Martin Štefík, Commercial Finance Director, Microsoft, CEE, Middle East & Africa

Cloud, cloud, cloud — and ecosystem security…

In CEE, over 85% of respondents indicate they are working with either private, public or a combination of cloud providers. Although cloud security is an increasing concern in our region, there was a greater focus on business email compromise, hack-and-leak operations, supply chain security, and attacks on the ‘no-IT’ environments such as the Internet of Things (IoT) and operational technology (OT).

Sometimes we hear that cloud is the answer to everything, but for me, it is definitely something we should deploy on a case-by-case basis. More and more we use cloud for new cases — and cloud deployment looks good for smaller companies.

Pavel Hejduk, CISO, ČEZ, Czech Republic

Cloud migration is no longer an ‘if’ — that train has left the station.

Peter Durojaiye, Partner, Cybersecurity & Privacy Leader, PwC CEE

Putting cybersecurity at the epicentre of innovation

40% of our regional responses say they plan to use generative artificial intelligence (Gen AI) for cyber defence in the next 12 months. This jumps to nearly 65% across Europe.

Innovation focuses on better detection of existing cyber threats, dealing with new ones, and sharpening security functions to address talent shortages and cost optimisation.

You can be innovative in how you build things by having security embedded. If you have the CISO involved you have someone who is there to keep ideas safe but not kill ideas. CISOs can help create environments for safe ideas and innovation — that is what they can do.

Michal Kielczyk, CISO, Polpharma, Poland

About the survey

The 2024 Global Digital Trust Insights is a survey of 3,876 business, technology and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs and C-Suite officers) conducted in the May through July 2023 period.

Respondents operate in a range of industries, including industrial manufacturing, financial services, tech, media, telecom, retail and consumer markets, energy, utilities and resources, health and government and public services.

Respondents are based in 71 countries. There were 211 survey participants in Central and Eastern Europe who came from the Czech Republic, Poland, Slovakia, Slovenia, Hungary, Bulgaria, Romania, Serbia, Ukraine, Estonia and Latvia.

The Global Digital Trust Insights Survey was previously known as the Global State of Information Security Survey (GSISS). Now in its 26th year, it’s the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry and the only one that draws participation from senior business executives, not just security and technology executives. In Central and Eastern Europe this year, there was a 38% to 62% split between Tech and Business leaders in terms of respondents.

PwC Research, PwC’s global Centre of Excellence for market research and insight, conducted this survey.