Cybersecurity strategy tops CEO agenda in 2021, PwC Thailand says

Vilaiporn Taweelappontong, consulting lead partner and financial services leader for PwC Thailand.
Vilaiporn Taweelappontong, consulting lead partner and financial services leader for PwC Thailand.

PwC Thailand urges businesses to adjust their cybersecurity strategy and establish more robust security measures as COVID-19 leaves more companies vulnerable to cyber-attacks and data breaches in the next year.


Business leaders and CEOs must invest in key technologies, educate staff on the threat, upskill cyber professionals and test response plans to prevent hackers and cyber criminals from taking advantage of the pandemic season, which has forced many businesses and employees to work remotely.


This year saw a surge in the number of cyber-attacks such as ransomware, data breaches and phishing. This rising trend is likely to continue in 2021, according to Vilaiporn Taweelappontong, Consulting Lead Partner and Financial Services Leader for PwC Thailand.


The pandemic has prompted large Thai organisations – under the watchful eye of the regulator – to step up their preventive measures and increase cybersecurity capabilities at the highest level. The shift to a remote working model has also increased the risk of cyber-attacks and security incidents this year, Vilaiporn said.


Among measures Thai organisations have adopted to strengthen their cybersecurity efforts include using Virtual Private Networks (VPNs), developing a Bring Your Own Device (BYOD) security policy, as well as testing their cybersecurity incident response plans on a regular basis. 


“The best cybersecurity strategy that any CEO and executive could have in the coming year has to start with a comprehensive review,” Vilaiporn said. “They must make sure they set aside an appropriate budget, hire the right people and upskill existing staff people and adopt effective tools or technologies. They should also have policies and practices in line with international standards to reduce the risk of being attacked and build trust among stakeholders.”


Invest for a better cyber hygiene


“The overall outlook of cybersecurity investment of Thai companies has improved in recent years,” she added. “Nonetheless, more needs to be done to elevate their business’ cyber hygiene.


“Companies need to allocate a cyber budget to ensure they can prevent, detect, respond and recover from the rising and unprecedented threats that can happen any time. More importantly, they must also build cybersecurity awareness throughout the entire organisation, so people understand it’s an issue that requires everyone’s attention.”


Vilaiporn said that a skilled labour shortage and a lack of understanding of cybersecurity are largely due to a failure to allocate enough funds. “Many companies underinvest, and in other cases, overinvest without a good understanding of their organisation’s asset values,” she said.


Cybersecurity labour supply shortage in Thailand


The availability of skilled labour in the cyber field remains a serious problem for Thai businesses, Vilaiporn said. Although employers are constantly looking to fill the role, there’s not enough qualified candidates in the market to meet the rising demand, she said.


Cybersecurity new hires also are expected to have other in-demand qualities that go beyond digital, whether it be business acumen, analytical thinking or social skills. However, the skills that most cybersecurity professionals have are still very specific to certain types of roles, she explained.


“We do have good people in the field here [in Thailand], but just not that many,” Vilaiporn said. Most have skills that are very specific to their role, such as Data Loss Prevention, Identity and access management, Network security, and so on.


“The people who really have the best of both worlds – those who aren’t only a tech person, but work with colleagues in the C-Suite and the board to add value – are still very few.”


According to a PwC report, Global Digital Trust Insights 2021: Cybersecurity comes of age, which surveyed some 3,200 business and technology executives from around the world, Chief Information Security Officers (CISOs) need to play “transformational, operational and master tactician” roles to help their organisation survive and grow. PwC also suggested five moves businesses can take to build a resilient future:

  1. Reset cyber strategy and evolve a CISO to accelerate digitisation
  2. Rethink cyber budgets, tying them to long-term business growth and risk management
  3. Invest in advanced technologies to turn the tables on attackers. Switching to a cloud away from inherently insecure legacy systems is foundational for the next generation of business solutions.
  4. Future-proof cyber teams by hiring the right cybersecurity personnel, and train existing workers regularly.
  5. Build resilience. Increase resilience testing to ensure critical business services will function even if a disruptive cyber event occurs. Ransomware, data breaches and phishing are likely to top the chart of the cyberthreats facing businesses in 2021.