Menu Close

Key takeaways from PwC’s survey of business’ cyber security challenges for 2022

At Kloudwerk, our services are built on people. We offer a cyber expert to build a relationship with your IFA firm on a one hour, monthly basis. This way, we can assess the holistic cyber security risks which face your firm.

Key takeaways from the PwC and NCSC cyber security reports

The UK National Cyber Security Centre (NCSC) reports that ransomware continues to be the  number one choice for cyber criminals in business exploitation 

We analysed the NCSC Annual Review in addition to PwC’s 2022 Cyber Security Strategy Survey of Business and Technology Leaders. Both remind us of a number of key themes for businesses and their cyber resilience. A repetitive theme remains and is still growing: ransomware.

  • The 2021 cyber security review conducted by the NCSC revealed that in the first four months of 2021, the NCSC handled the same number of ransomware incidents as for the whole of 2020 – which was itself a number more than three times greater than in 2019
  • The rapid rise in ransomware attacks is proving a highly lucrative business model for cyber criminals. As a business owner, one must consider when, not if, you may be a victim of cyber crime
The increase in reported attacks may be partly due to the number of firms starting to report them in line with regulations such as GDPR. Nonetheless, ransomware remains a profitable revenue stream for criminals.
  • UK organisations predict a further 61% increase in ransomware incidents during 2022
  • From a return on investment (ROI) point of view for the cyber-criminal, this is a low risk high return investment
  • As the cyber security industry develops responses to ransomware attacks (typically reactively), so do the cyber criminals adapt to the changing landscape of cyber protection processes, developing even greater sophisticated approaches to increase their ROI

PwC have made a point that whilst cyber criminals are ensuring they get good returns, organisations are failing to maximise their ROI in any security investments. It’s a point we fully agree with. Many firms procure security software or other services relatively blindly. Throwing money at the problem with a single fix solution is not the ideal strategy. 

The best approach is to conduct a cyber security risk assessment to first understand what key risks and gaps exist. Any investment in time or money should be spent on those key risks and gaps, otherwise the real risks are not being addressed. No risk assessment, no return on investment. 

“While 37% of UK respondents said they had implemented cloud security at scale, just 18% are fully realising the benefits of their investment… To overcome this challenge and build greater confidence in their security investments, organisations must improve their cyber risk modelling and analysis. This ensures increases in cyber budgets are allocated to priority risks and help build long-term resilience.”

To ensure a customised approach to cyber security management for the SME, it is essential to apply an ongoing risk approach that evolves with your growing business and the changing landscape of cyber-attacks. A consultative service can provide a continuously updated solution for your business, one that doesn’t overwhelm your budget and offers realised returns on investment in reducing the key cyber risks. 

PwC survey results:

NCSC annual review 2021:

Kloudwerk works with you to help you keep the cyber criminals out. We offer affordable risk-based cyber security consultancy packages for business customers.  Please visit our Cyber Consultancy page for more information


On Key

Related Posts



Imagine you own a house and want to add an additional floor. First you have to review and strengthen the foundations. This service builds cybersecurity foundations to facilitate growth in a resilient, timely manner.

This service will also provide the company with a cybersecurity risk assessment and improvement plan but with significantly more support from a senior consultant to help the company embed improvements in a continuous, timely manner


The dreaded car MOT is looming. It’s the unforeseen wear & tear that results in some necessary annual maintenance. Our cybersecurity review will highlight what needs to be done as your engineers.

In addition to the context gathering stage and security footprinting service, a senior consultant will perform a risk assessment to understand the company’s cyber risks and provide recommendations. They will also be available to undertake monthly calls for answering questions, providing guidance and checking on whether risks are reducing.


You’re embarking on a more active lifestyle, chosen to go on a diet and get in shape. Think of this service as the cybersecurity equivalent of the personal trainer, helping you along the way.

After an initial context gathering stage, a junior security consultant will be available once per month to answer questions and provide recommendations based on company goals and activities. A cybersecurity footprinting service will allow the company to continuously monitor its external security posture.

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.