Operator‑billed 5G connections revenue to reach $357 billion by 2025

Operator‑billed revenue from 5G connections will reach $357 billion by 2025, rising from $5 billion in 2020, its first full year of commercial service, according to Juniper Research.

5G connections revenue

By 2025, 5G revenue is anticipated to represent 44% of global operator‑billed revenue owing to rapid migration of 4G mobile subscribers to 5G networks and new business use cases enabled by 5G technology.

However, the study identified 5G networks roll-outs as highly resilient to the COVID-19 pandemic. It found that supply chain disruptions caused by the initial pandemic period have been mitigated through modified physical roll-out procedures, in order to maintain the momentum of hardware deployments.

5G connections to generate 250% more revenue than average cellular connection

The study found that 5G uptake had surpassed initial expectations, predicting total 5G connections will surpass 1.5 billion by 2025. It also forecast that the average 5G connection will generate 250% more revenue than an average cellular connection by 2025.

To secure a return on investment into new services, such as uRLLC (Ultra-Reliable Low-Latency Communication) and network slicing, enabled by 5G, operators will apply this premium pricing for 5G connections.

However, these services alongside the high-bandwidth capabilities of 5G will create data-intensive use cases that lead to a 270% growth in data traffic generated by all cellular connections over the next five years.

Networks must increase virtualisation to handle 5G data traffic

Operators must use future launches of standalone 5G network as an opportunity to further increase virtualisation in core networks. Failure to develop 5G network architectures that handle increasing traffic will lead to reduced network functionality, inevitably leading to a diminished value proposition of its 5G network amongst end users.

Research author Sam Barker remarked: “Operators will compete on 5G capabilities, in terms of bandwidth and latency. A lesser 5G offering will lead to user churn to competing networks and missed opportunities in operators’ fastest-growing revenue stream.”

Global spending on cloud services to surpass $1 trillion in 2024

The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT.

global spending on cloud services

Global spending on cloud services to rise

According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) of 15.7%.

“Cloud in all its permutations – hardware/software/services/as a service as well as public/private/hybrid/multi/edge – will play ever greater, and even dominant, roles across the IT industry for the foreseeable future,” said Richard L. Villars, Group VP, Worldwide Research at IDC.

“By the end of 2021, based on lessons learned in the pandemic, most enterprises will put a mechanism in place to accelerate their shift to cloud-centric digital infrastructure and application services twice as fast as before the pandemic.”

Strongest growth in the as a service category

The strongest growth in cloud revenues will come in the as a service category – public (shared) cloud services and dedicated (private) cloud services. This category, which is also the largest category in terms of overall revenues, is forecast to deliver a five-year CAGR of 21.0%.

By 2024, the as a service category will account for more than 60% of all cloud revenues worldwide. The services category, which includes cloud-related professional services and cloud-related management services, will be the second largest category in terms of revenue but will experience the slowest growth with an 8.3% CAGR. This is due to a variety of factors, including greater use of automation in cloud migrations.

The smallest cloud category, infrastructure build, which includes hardware, software, and support for enterprise private clouds and service provider public clouds, will enjoy solid growth (11.1% CAGR) over the forecast period.

Factors driving the cloud market forward

While the impact of COVID-19 could have some negative effects on cloud adoption over the next several years, there are a number of factors that are driving the cloud market forward.

  • The ecosystem of tech companies helping customers migrate to cloud environments, create new innovations in the cloud, and manage their expanding cloud environments will enable enterprises to meet their accelerated schedules for moving to cloud.
  • The emergence of consumption-based IT offerings are aimed at leveraging public cloud-like capabilities in an on-premises environment that reduces the complexity and restructures the cost for enterprises that want additional security, dedicated resources, and more granular management capabilities.
  • The adoption of cloud services should enable organizations to shift IT from maintenance of legacy IT to new digital transformation initiatives, which can lead to new business revenue and competitiveness as well as create new opportunities for suppliers of professional services.
  • Hybrid cloud has become central to successful digital transformation efforts by defining an IT architectural approach, an IT investment strategy, and an IT staffing model that ensures the enterprise can achieve the optimal balance across dimensions without sacrificing performance, reliability, or control.

Banks risk losing customers with anti-fraud practices

Many banks across the U.S. and Canada are failing to meet their customers’ online identity fraud and digital banking needs, according to a survey from FICO.

banking fraud

Despite COVID-19 quickly turning online banking into an essential service, the survey found that financial institutions across North America are struggling to establish practices that combat online identity fraud and money laundering, without negatively impacting customer experience.

For example, 51 percent of North American banks are still asking customers to prove their identities by visiting branches or posting documents when opening digital accounts. This also applies to 25 percent of mortgages or home loans and 15 percent of credit cards opened digitally.

“The pandemic has forced industries to fully embrace digital. We now are seeing North American banks that relied on face-to-face interactions to prove customers’ identities rethinking how to adapt to the digital first economy,” said Liz Lasher, vice president of portfolio marketing for Fraud at FICO.

“Today’s consumers expect a seamless and secure online experience, and banks need to be equipped to meet those expectations. Engaging valuable new customers, then having them abandon applications when identity proofing becomes expensive and difficult.”

Identity verification process issues

The study found that only up to 16 percent of U.S. and Canadian banks employ the type of fully integrated, real-time digital capture and validation tools required for consumers to securely open a financial account online.

Even when digital methods are used to verify identity, the experience still raises barriers with customers expected to use email or visit an “identity portal” to verify their identities.

Creating a frictionless process is key to meeting consumers current expectation. For example, according to a recent Consumer Digital Banking study, while 75 percent of consumers said they would open a financial account online, 23 percent of prospective customers would abandon the process due to an inconsistent identity verification process.

Lack of automation is a problem for banks too

The lack of automation when verifying customers’ identity isn’t just a pain point for customers – 53 percent of banks reported it problematic for them too.

Regulation intended to prevent criminal activity such as money laundering typically requires banks to review customer identities in a consistent, robust manner and this is harder to achieve for institutions relying on inconsistent manual resources.

Fortunately, 75 percent of banks in the U.S. and Canada reported plans to invest in an identity management platform within the next three years.

By moving to a more integrated and strategic approach to identity proofing and identity authentication, banks will be able to meet customer expectations and deliver consistently positive digital banking experiences across online channels.

How will blockchain impact the global economy?

An analysis by PwC shows blockchain technology has the potential to boost global gross domestic product (GDP) by $1.76 trillion over the next decade. That is the key finding of a report assessing how the technology is being currently used and exploring the impact blockchain could have on the global economy.

blockchain impact

Through analysis of the top five uses of blockchain, ranked by their potential to generate economic value, the report gauges the technology’s potential to create value across industry, from healthcare, government and public services, to manufacturing, finance, logistics and retail.

“Blockchain technology has long been associated with cryptocurrencies such as Bitcoin, but there is so much more that it has to offer, particularly in how public and private organizations secure, share and use data,” comments Steve Davies, Global Leader, Blockchain and Partner, PwC UK.

“As organizations grapple with the impacts of the COVID-19 pandemic, many disruptive trends have been accelerated. The analysis shows the potential for blockchain to support organizations in how they rebuild and reconfigure their operations underpinned by improvements in trust, transparency and efficiency across organizations and society.”

Key takeaways

  • The report identifies five key application areas of blockchain and assesses their potential to generate economic value using economic analysis and industry research. The analysis suggests a tipping point in 2025 as blockchain technologies are expected to be adopted at scale across the global economy.
  • Tracking and tracing of products and services – or provenance – which emerged as a new priority for many companies’ supply chains during the COVID-19 pandemic, has the largest economic potential ($962bn). Blockchain’s application can be wide ranging and support companies ranging from heavy industries, including mining through to fashion labels, responding to the rise in public and investor scrutiny around sustainable and ethical sourcing.
  • Payments and financial services, including use of digital currencies, or supporting financial inclusion through cross border and remittance payments ($433bn).
  • Identity management ($224bn) including personal IDs, professional credentials and certificates to help curb fraud and identity theft.
  • Application of blockchain in contracts and dispute resolution ($73bn), and customer engagement ($54bn) including blockchain’s use in loyalty programmes further extends blockchain’s potential into a much wider range of public and private industry sectors.

Blockchain’s success will depend on a supportive policy environment, a business ecosystem that is ready to exploit the new opportunities that technology opens, and a suitable industry mix.

Economic benefits across continents

Across all continents, Asia will likely see the most economic benefits from blockchain technology. In terms of individual countries, blockchain could have the highest potential net benefit in China ($440bn) and the USA ($407bn). Five other countries – Germany, Japan, the UK, India, and France – are also estimated to have net benefits over $50bn.

The benefits for each country differ however, with manufacturing focused economies such as China and Germany benefiting more from provenance and traceability, while the US would benefit most from its application in securitisation and payments as well as identity and credentials.

At a sector level, the biggest beneficiaries look set to be the public administration, education and healthcare sectors. These sectors are expected to benefit approximately $574bn by 2030, by capitalising on the efficiencies blockchain will bring to the world of identity and credentials.

Meanwhile, there will be broader benefits for business services, communications and media, while wholesalers, retailers, manufacturers and construction services, will benefit from using blockchain to engage consumers and meet demand for provenance and traceability.

Digital transformation as top priority

The potential for blockchain to be considered as part of organizations’ future strategy is linked to a research with business leaders that showed 61% of CEOs said they were placing digital transformation of core business operations and processes among their top three priorities, as they rebuild from COVID-19.

“One of the biggest mistakes organizations can make with implementing emerging technologies is to leave it in the realm of the enthusiast in the team. It needs C-Suite support to work, identify the strategic opportunity and value, and to facilitate the right level of collaboration within an industry,” comments Davies.

“Given the scale of economic disruption organizations are dealing with currently, establishing proof of concept uses which can be extended and scaled if successful, will enable businesses to identify the value, while building trust and transparency in the solution to deliver on blockchain’s potential.”

The report warns that if blockchain’s economic impact potential is to be realized, its energy overhead must be managed. Growing business and government action on climate change, including commitments to Net Zero transformation, will mean that organizations need to consider new models for consolidating and sharing infrastructure resources to reduce reliance on traditional data centres and their overall technology related energy consumption.

ATM cash-out: A rising threat requiring urgent attention

The PCI Security Standards Council (PCI SSC) and the ATM Industry Association (ATMIA) issued a joint bulletin to highlight an increasing threat that requires urgent awareness and attention.

ATM cash-out

What is the threat?

An ATM cash-out attack is an elaborate and choreographed attack in which criminals breach a bank or payment card processor and manipulate fraud detection controls as well as alter customer accounts so there are no limits to withdraw money from numerous ATMs in a short period of time.

Criminals often manipulate balances and withdrawal limits to allow ATM withdrawals until ATM machines are empty of cash.

How do ATM cash-out attacks work?

An ATM cash-out attack requires careful planning and execution. Often, the criminal enterprise gains remote access to a card management system to alter the fraud prevention controls such as withdrawal limits or PIN number of compromised cardholder accounts. This is commonly done by inserting malware via phishing or social engineering methods into a financial institution or payment processor’s systems.

The criminal enterprise then can create new accounts or use compromised existing accounts and/or distribute compromised debit/credit cards to a group of people who make withdrawals at ATMs in a coordinated manner.

With control of the card management system, criminals can manipulate balances and withdrawal limits to allow ATM withdrawals until ATM machines are empty of cash.

These attacks usually do not exploit vulnerabilities in the ATM itself. The ATM is used to withdraw cash after vulnerabilities in the card issuers authorization system have been exploited.

Who is most at risk?

Financial institutions, and payment processors are most at financial risk and likely to be the target of these large-scale, coordinated attacks. These institutions stand to potentially lose millions of dollars in a very short time period and can have exposure in multiple regions around the world as the result of this highly organized, well-orchestrated criminal attack.

What are some detection best practices?

  • Velocity monitoring of underlying accounts and volume
  • 24/7 monitoring capabilities including File Integrity Monitoring Systems (FIMs)
  • Reporting system that sounds the alarm immediately when suspicious activity is identified
  • Development and practice of an incident response management system
  • Check for unexpected traffic sources (e.g. IP addresses)
  • Look for unauthorized execution of network tools.

What are some prevention best practices?

  • Strong access controls to your systems and identification of third-party risks
  • Employee monitoring systems to guard against an “inside job”
  • Continuous phishing training for employees
  • Multi-factor authentication
  • Strong password management
  • Require layers of authentication/approval for remote changes to account balances and transaction limits
  • Implementation of required security patches in a timely manner (ASAP)
  • Regular penetration testing
  • Frequent reviews of access control mechanisms and access privileges
  • Strict separation of roles that have privileged access to ensure no one user ID can perform sensitive functions
  • Installation of file integrity monitoring software that can also serve as a detection mechanism
  • Strict adherence to the entire PCI DSS.

Cyber teams are getting more involved in M&A

Despite ongoing economic uncertainty amidst a global pandemic, many dealmakers remain optimistic about the outlook for the year ahead as they increasingly pursue alternative merger and acquisition (M&A) methods to navigate the crisis and pursue new disruptive business growth strategies.

virtual dealmaking

According to a Deloitte survey of 1,000 U.S. corporate M&A executives and private equity firm professionals, 61% of survey respondents expect U.S. M&A activity to return to pre-COVID-19 levels within the next 12 months.

Soon after the WHO declared COVID-19 a pandemic on March 11, deal activity in the U.S. plunged — most notably during April and May.

Responding M&A executives say they tentatively paused (92%) or abandoned (78%) at least one transaction as a result of the pandemic outbreak. However, since March 2020, possibly aiming to take advantage of pandemic-driven business disruptions, 60% say their organizations have been more focused on pursuing new deals.

“M&A executives have moved quickly to adapt and uncover value in new and innovative ways as systemic change driven by the pandemic has resulted in alternative approaches to transactions,” said Russell Thomson, partner, Deloitte & Touche LLP, and Deloitte’s U.S. merger and acquisition services practice leader.

“We expect both traditional and alternative M&A to be an important lever for dealmakers as businesses recover and thrive in a post-COVID economy.”

Alternative dealmaking on the rise

For many, alternative deals are quickly outpacing traditional M&A activity as the search for value intensifies in a low-growth environment.

When asked which type of deals their organizations are most interested in pursuing, responding corporate M&A executives’ top choice was alternatives to traditional M&A, including alliances, joint ventures, and Special Purpose Acquisition Companies (45%) — ranking higher than acquisitions (35%).

Private equity investors plan to remain more focused on traditional acquisitions (53%), while simultaneously pushing pursuit of M&A alternatives — including private investment in public equity deals, minority stakes, club deals and alliances (32%).

“As businesses prepare for a post-COVID world, including fundamentally reshaped economies and societies, the dealmaking environment will also materially change,” said Mark Purowitz, principal, Deloitte Consulting LLP, with Deloitte’s mergers and acquisitions consulting practice, and leader of the firm’s Future of M&A initiative.

“Companies were starting to expand their definition of M&A to include partnerships, alliances, joint ventures and other alternative investments that create intrinsic and long-lasting value, but COVID-19 has accelerated dealmakers’ needs to create more optionality for their organizations’ internal and external ecosystems.”

Virtual dealmaking to continue playing large role post-pandemic

87% of M&A professionals surveyed report that their organizations were able to effectively manage a deal in a purely virtual environment, so much so that 55% anticipate that virtual dealmaking will be the preferred platform even after the pandemic is over.

However, virtual dealmaking does not remain without its own challenges. Fifty-one percent noted that cybersecurity threats are their organizations’ biggest concern around executing deals virtually.

“When it comes to cyber in an M&A world — it’s important to develop cyber threat profiles of prospective targets and portfolio companies to determine the risks each present,” said Deborah Golden, Deloitte Risk & Financial Advisory, cyber and strategic risk leader, Deloitte & Touche LLP.

“CISOs understand how a data breach can negatively impact the valuation and the underlying deal structure itself. Leaving cyber out of that risk picture may lead to not only brand and reputational risk, but also significant and unaccounted remediation costs.”

Other virtual dealmaking concerns included the ability to forge relationships with management teams (40%) and extended regulatory approvals (39%). When it comes to effectively managing the integration phase in a virtual environment, technology integration (16%) and legal entity alignment or simplification (16%) are surveyed M&A executives’ largest and most prevalent hurdles.

“It may be too early to assess the long-term implications of virtual dealmaking as many of the deals currently in progress now are resulting from management relationships that were formed pre-COVID. We also expect integration in a virtual setting will become much more complex a few months from now,” said Thomson.

virtual dealmaking

“Culture and compatibility issues should be given greater attention on the diligence side, as they pose major downstream integration implications.”

International dealmaking declines, focus on domestic-only deals

Interest in foreign M&A targets declined in 2020 as corporate executives reported a significant shift in their approach to international dealmaking, with 17% reporting no plans to execute cross-border deals in the current economic environment, an 8 percentage point increase from 2019.

In addition, 57% of M&A executives say less than half of their current transactions involve acquiring targets operating primarily in foreign markets.

Notably, the number of survey respondents interested in pursuing deals with U.K. targets dropped by 8 percentage points, while Chinese targets declined by 7 percentage points. Interest in Canadian (32%) and Central American (19%) targets remained highest.

Public cloud IT infrastructure spending exceeds that for non-cloud IT infrastructure

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, increased 34.4% year over year in the second quarter of 2020 (2Q20), according to IDC. Investments in traditional, non-cloud, IT infrastructure declined 8.7% year over year in 2Q20.

Public cloud IT infrastructure spending

These growth rates show the market response to major adjustments in business, educational, and societal activities caused by the COVID-19 pandemic and the role IT infrastructure plays in these adjustments.

Across the world, there were massive shifts to online tools in all aspects of human life, including collaboration, virtual business events, entertainment, shopping, telemedicine, and education. Cloud environments, and particularly public cloud, were a key enabler of this shift.

Spending on public cloud IT infrastructure increased 47.8% year over year in 2Q20, reaching $14.1 billion and exceeding the level of spend on non-cloud IT infrastructure for the first time. Spending on private cloud infrastructure increased 7% year over year in 2Q20 to $5 billion with on-premises private clouds accounting for 64.1% of this amount.

Hardware infrastructure market reaching the tipping point

The hardware infrastructure market has reached the tipping point and cloud environments will continue to account for an increasingly higher share of overall spending.

While IDC increased its forecast for both cloud and non-cloud IT spending for the full year 2020, investments in cloud IT infrastructure are still expected to exceed spending on non-cloud infrastructure, 54.8% to 45.2%.

Most of the increase in spending will be driven by public cloud IT infrastructure, which is expected to slow in 2H20 but increase by 16% year over year to $52.4 billion for the full year.

Spending on private cloud infrastructure will also experience softness in the second half of the year and will reach $21.5 billion for the full year, an increase of just 0.3% year over year.

As of 2019, the dominance of cloud IT environments over non-cloud already existed for compute platforms and Ethernet switches while the majority of newly shipped storage platforms were still residing in non-cloud environments.

Starting in 2020, with increased investments from public cloud providers on storage platforms, this shift will remain persistent across all three technology domains.

Compute platforms to remain the largest segment of spending

Within cloud deployment environments in 2020, compute platforms will remain the largest segment (50.9%) of spending at $37.7 billion while storage platforms will be the fastest growing segment with spending increasing 21.2% to $27.8 billion, and the Ethernet switch segment will grow 3.9% year over year to $8.5 billion.

Spending on cloud IT infrastructure increased across all regions in 2Q20 with the two largest regions, China and the U.S., delivering the highest annual growth rates at 60.5% and 36.9% respectively. In all regions except Central & Eastern Europe and the Middle East & Africa, growth in public cloud infrastructure exceeded growth in private cloud IT.

At the vendor level, the results were mixed. Inspur more than doubled its revenue from sales to cloud environments, climbing into a tie for the second position in the vendor rankings while the group of original design manufacturers (ODM Direct) grew 63.6% year over year. Lenovo’s revenue exceeded $1 billion, growing at 49.3% year over year.

Long term, spending on cloud IT infrastructure is expected to grow at a five-year compound annual growth rate (CAGR) of 10.4%, reaching $109.3 billion in 2024 and accounting for 63.6% of total IT infrastructure spend. Public cloud datacenters will account for 69.4% of this amount, growing at a 10.9% CAGR.

Spending on private cloud infrastructure will grow at a CAGR of 9.3%. Spending on non-cloud IT infrastructure will rebound after 2020 but will continue to decline overall with a CAGR of -1.6%.

Financial risk and regulatory compliance pros struggling with collaboration

After several months of working from home, with no clear end in sight, financial risk and regulatory compliance professionals are struggling when it comes to collaborating with their teams – particularly as they manage increasingly complex global risk and regulatory reporting requirements.

financial risk and regulatory compliance

According to a survey of major financial institutions conducted by AxiomSL, 41% of respondents said collaborating with teams remains a challenge while working remotely.

“During the pandemic, financial firms quickly adapted to major changes, although not without some operational and technology weaknesses emerging,” said Alex Tsigutkin, CEO AxiomSL.

“Indeed, businesses might never return to the ‘old normal’, and that has made building data- and technology-driven resilience much more pressing than before the crisis. Our clients have been experiencing heightened regulatory pressures,” he continued.

“Throughout the crisis, we enabled them to respond rapidly to changes in reporting criteria, the onset of daily liquidity reporting, and the Federal Reserve’s emerging risk data collection (ERDC) initiative – that required FR Y­–14 data on a weekly/monthly basis instead of quarterly.”

These data-intensive, high-frequency regulatory reporting requirements will continue in the ‘new normal.’ “To future-proof, organizations should continue to establish sustainable data architectures and analytics that enable connection and transparency between critical datasets,” Tsigutkin commented.

“And, as a priority, they should transition to our secure RegCloud to handle regulatory intensity efficiently, bolster business continuity, and strengthen their ability to collaborate remotely,” he concluded.

Key research findings

Remote collaboration is a top operational challenge for financial risk and regulatory pros: For all the talk of work-from-anywhere policies becoming the future of financial services, 41% of the risk and compliance professionals surveyed said collaborating with colleagues while working remotely has been their biggest challenge during the COVID-19 crisis.

This was the most frequently cited challenge, followed by accessing data from dispersed systems (18%), reliance on offshore resources (15%), and reliance on locally installed technology (15%).

Liquidity reporting expected to get harder: New capital and liquidity stress testing requirements are expected to present a much heavier burden on financial firms, with 18% of respondents citing increased capital and liquidity risk reporting as a major challenge they will face over the next two years.

Cloud adoption gets its catalyst: After years of resisting cloud adoption, many North American financial institutions are finally gearing up to make the move. When it comes to regulatory technology spending over the next two years, enhanced data analytics is the top area of focus among 29% of survey respondents. But cloud deployment rose to second place (23%) followed by data lakes (22%) and artificial intelligence and machine learning (20%).

Reduction of manual processes is an operational focus for the next two years: The top risk and regulatory compliance challenge firms see on the road ahead is continuing to eliminate manual processes (29%), followed by improving the transparency of data and processes (21%), and fully transitioning to a secure cloud (13%).

RegTech budgets largely intact heading into 2021: A total of 83% indicated their near-term projects as virtually unimpacted or mostly going forward. And similarly, 81% said their budgets for 2021 remain intact (70%) or will increase (11%).

GRC teams have a number of challenges meeting regulatory demands

Senior risk and compliance professionals within financial services company’s lack confidence in the security data they are providing to regulators, according to Panaseer.

GRC regulatory demands

Results from a global external survey of over 200+ GRC leaders reveal concerns on data accuracy, request overload, resource-heavy processes and lack of end-to-end automation.

The results indicate a wider issue with cyber risk management. If GRC leaders don’t have confidence in the accuracy and timeliness of security data provided to regulators, then the same holds true for the confidence in their own ability to understand and combat cyber risks.

41% of risk leaders feel ‘very confident’ that they can fulfill the security-related requests of a regulator in a timely manner. 27.5% are ‘very satisfied’ that their organization’s security reports align to regulatory compliance needs.

GRC leaders cited their top challenges in fulfilling regulator requests, as:

  • Getting access to accurate data (35%)
  • The number of report requests (29%)
  • The length of time it takes to get information from security team (26%)

The limitations of traditional GRC tools

The issue has been perpetuated by the limitations of traditional GRC tools, which rely on qualitative questionnaires to provide evidence of compliance. This does not reflect the current challenges from cyber.

92% of senior risk and compliance professionals believe it would be valuable to have quantitative security controls assurance reporting (vs qualitative) and 93.5% believe it’s important to automate security risk and compliance reporting. However, only 11% state that their risk and compliance reporting is currently automated end to end.

96% said it is important to prioritize security risk remediation based on its impact to the business, but most can’t isolate risk to critical business processes composed of people, applications, devices. Only 33.5% of respondents are ‘very confident’ in their ability to understand all the asset inventories.

GRC regulatory demands

Charaka Goonatilake, CTO, Panaseer: “Faced with increasing requests from regulators, GRC leaders have resorted to throwing a lot of people at time-sensitive requests. These manual processes combined with lack of GRC tool scalability necessitates data sampling, which means they cannot have complete visibility or full confidence in the data they are providing.

“The challenge is being exacerbated by new risks introduced by IoT sensors and endpoints, which rarely consider security a core requirement and therefore introduce greater risk and increase the importance of controls and mitigations to address them.”

Andreas Wuchner, Panaseer Advisory Board member: “To face the new reality of cyberthreats and regulatory pressures requires many organizations need to fundamentally rethink traditional tools and defences.

“GRC leaders can enhance their confidence to accurately and quickly meet stakeholder needs by implementing Continuous Controls Monitoring, an emerging category of security and risk, which has just been recognised in the 2020 Gartner Risk Management Hype Cycle.”

What are the most hack-resistant industries?

Government and financial service sectors globally are the most hack-resistant industries in 2020, according to Synack.

hack-resistant industries

Government and financial services scored 15 percent and 11 percent higher, respectively, than all other industries in 2020. Government agencies earned the top spot in part due to reducing the time it takes to remediate exploitable vulnerabilities by 73 percent.

Throughout the year, both sectors faced unprecedented challenges due to the global pandemic, but still maintained a commitment to thorough and continuous security testing that lessened the risk from cyberattacks.

“It’s a tremendously tough time for all organizations amidst today’s uncertainties. Data breaches are the last thing they need right now. That’s why it’s more crucial than ever to quickly find and fix potentially devastating vulnerabilities before they cause irreparable harm,” said Jay Kaplan, CEO at Synack. “If security isn’t a priority, trust can evaporate in an instant.”

The government sector earned 61 — the highest rating

The chaos of 2020 added new hardship to many government bodies, but security hasn’t necessarily suffered as many agencies have become more innovative and agile. Their ability to quickly remediate vulnerabilities drove this year’s top ranking.

Financial services scored 59 amidst massive COVID-19 disruptions

Financial services adapted quickly through the pandemic to help employees adjust to their new remote work realities and ensure customers could continue doing business. Continuous security testing played a significant role in the sector’s ARS.

hack-resistant industries

Healthcare and life sciences scored 56 despite pandemic challenges

The rush to deploy apps to help with the COVID-19 recovery led to serious cybersecurity challenges for healthcare and life sciences. Despite those issues, the sector had the third highest average score as research and manufacturing organizations stayed vigilant and continuously tested digital assets.

ARS scores increase 23 percent from continuous testing

For organizations that regularly release updated code or deploy new apps, point-in-time security analysis will not pick up potentially catastrophic vulnerabilities. A continuous approach to testing helps ensure vulnerabilities are found and fixed quickly, resulting in a higher ARS metric.

Tracking global cybercrime activity and the impact on the digital economy

A LexisNexis Risk Solutions report tracks global cybercrime activity from January 2020 through June 2020. The period has seen strong transaction volume growth compared to 2019 but an overall decline in global attack volume. This is likely linked to growth in genuine customer activity due to changing consumer habits.

global cybercrime activity

The period has seen strong transaction volume growth compared to 2019 but an overall decline in global attack volume. This is likely linked to growth in genuine customer activity due to changing consumer habits.

The report analyzes data from more than 22.5 billion transactions processed, a 37% growth year over year. Mobile device transactions also continue to rise, with 66% of all transactions coming from mobile devices in the first half of 2020, up from 20% in early 2015.

There’s also an uptick in transactions from new devices and new digital identities. This is attributed to many new-to-digital consumers moving online to procure goods and services that were no longer available in person or harder to access via a physical store, during the pandemic.

Attacks by region

The EMEA region saw lower overall attack rates in comparison to most other global regions from January through June 2020. This is due to a high volume of trusted login transactions across relatively mature mobile apps.

The attack patterns in EMEA were also more benign and had less volatility and fewer spikes in attack rates. However, there are some notable exceptions. Desktop transactions conducted from EMEA had a higher attack rate than the global average and automated bot attack volume grew 45% year over year.

The UK originates the highest volume of human-initiated cyberattacks in EMEA, with Germany and France second and third in the region. The UK is also the second largest contributor to global bot attacks behind the U.S.

One example of a UK banking fraud network saw more than $17 million exposed to fraud across 10 financial services organizations. This network alone consisted of 7,800 devices, 5,200 email addresses and 1,000 telephone numbers.

Decline in attack rate

The overall human-initiated attack rate fell through the first half of 2020, showing a 33% decline year over year. The breakdown by sector shows a 23% decline in financial services and a 55% decline in e-commerce attack rates.

Latin America experienced the highest attack rates of all regions globally and realized consistent growth in attack rates from March to June 2020. The attack patterns in North America and EMEA had less volatility and fewer spikes in attack rates from the six-month period observed.

Attack vector global view

Media is the only industry that recorded an overall year over year growth in human-initiated cyberattacks. There was a 3% increase solely across mobile browser transactions.

Globally, automated bots remain a key attack vector in the Digital Identity Network. Financial services organizations experienced a surge in automated bot attacks and continue to experience more bot attacks than any other industry.

Across the customer journey

New account creations see attacks at a higher rate than any other transaction type in the online customer journey. However, the largest volume of attacks targets online payments. Login transactions have seen the biggest drop in attack rate in comparison to other use cases.

Analysis across new customer touchpoints in the online journey is included in this report for the first time, providing additional context on key points of risk such as money transfers and password resets.

global cybercrime activity

During COVID-19

All industries have felt the impact of COVID-19. There are clear peaks and troughs in transaction volumes coinciding with global lockdown periods.

Financial services organizations realized a growth in new-to-digital banking users, a changing geographical footprint from previously well-traveled consumers and a reduction in the number of devices used per customer. There have also been several attacks targeting banks offering COVID-19-related loans.

E-commerce merchants have seen an increase in digital payments and several other key attack typologies that coincide with the lockdown period. These included account takeover attacks using identity spoofing and more first-party chargeback fraud.

Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions, said: “The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry.”

What happens to funds once they have been stolen in a cyberattack?

SWIFT and BAE Systems published a report that describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber attack.

cyberattack stolen funds

The report highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds. For instance, cybercriminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate sounding job advertisements, complete with references to the organization’s diversity and inclusion commitments.

Attackers using untraceable money laundering techniques

They use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer (KYC) and due diligence checks on new account openings. And they convert stolen funds into assets such as property and jewellery which are likely to hold their value and less likely to attract the attention of law enforcement.

Although there has been much research into the methods that cybercriminals use to conduct attacks, there has been less investigation into what happens to funds once they have been stolen.

Brett Lancaster, Head of the Customer Security Programme at SWIFT said: “The threat posed by cyber-attacks to the financial sector has never been greater. Attackers are well-resourced, constantly evolving their modus operandi and using untraceable money laundering techniques.

“The report highlights how the growth in cyber attacks is increasing the need for the convergence of anti-money laundering, fraud and cybersecurity processes in financial institutions. It calls for them to increase information sharing, tighten due diligence requirements and smartly invest in maintaining systems to strengthen their defences.”

Simon Viney, Cyber Security Financial Services Sector Lead at BAE Systems Applied Intelligence said: “The activity from cybercriminals and gangs across the world is estimated to result in over $1.5 trillion dollars in annual losses.

“This report focuses on money laundering related activities necessary for cyber attackers to conduct and ‘cash out’ a successful attack and avoid the money subsequently being traced.

“As technology and criminals’ techniques evolve at a rapid pace, so will the need for institutions, both private sector and law enforcement, to collaborate and maintain awareness of evolving money laundering techniques, in order to reduce the opportunities for threat groups to benefit from committing high-value cyber heists.”

Other findings

  • Front companies – Cybercriminals tend to focus on textile, garment, fishery and seafood businesses to obfuscate funds. They find it easier to operate in parts of East Asia where less stringent regulations make it easier to conduct their activities.
  • Cryptocurrencies – While the number of identified cases of money laundering through cryptocurrencies is low so far, there have been a couple of major incidents involving millions of dollars. Digital transactions are appealing because they are conducted in a peer-to-peer manner that circumvents the compliance and KYC checks conducted by banks, and often require only an e-mail address.
  • Experience – The method chosen by cybercriminals to cash out and spend the stolen funds is indicative of their levels of professionalism and experience. Some inexperienced criminals have immediately made extravagant purchases drawing the attention of law enforcement agencies and leading to arrests.

How COVID-19 affected remote work, customer engagements, and return to the office plans

Top-tier enterprises were 2.6 times as likely to have grown revenue, 2.5 times as likely to have reached profit goals and 2.1 times as likely to have high employee satisfaction numbers during the COVID-19 pandemic, according to a Catchpoint survey of 200 enterprise CIOs and 200 enterprise work-from-home (WFH) managers.

COVID-19 affected remote work

Effects of COVID-19 on enterprises

Before COVID-19 hit, 33 percent American enterprise employees worked from home at least some of the time. During the pandemic, this increased to 74 percent.

In terms of engaging with customers, prior to the pandemic, 43 percent of customer engagements were face-to-face. During the pandemic, this dropped to just 13 percent.

The pandemic has been tough on most enterprises. The survey shows that the three biggest impacts on businesses were profitability, revenue growth and productivity. Within IT departments, the biggest impacts were security, app reliability and network availability.

“When it comes to today’s Digital Workplace, reliable performance is critical for employee productivity and morale, and with a fast-increasing number of employees working from home, systems are more prone to reliability, availability and performance issues affecting remote workers,” said Mehdi Daoudi, CEO at Catchpoint.

“The ability to measure, visualize and proactively react to outages and slowdowns can deliver a 1st class digital employee experience.”

Lessons from top-tier enterprises

Not every enterprise had the same experience and some did surprisingly well during the pandemic. To see the differences, responses were devided into three tiers.

Top tier are organizations that performed the best in terms of business and IT metrics and bottom tier performed the worst. Then the top and bottom tiers were compared to explore those differences and what the top tier was doing differently.

Four keys to top-tier enterprises’ impressive results were found:

  • Focus on reliability. The top tier is fully committed to reliability. 91 percent of the top tier has implemented a formal site reliability engineering methodology (SRE). This compares to just 69% of bottom-tier organizations.
  • Focus on work-from-home tech stack. The top tier is committed to making Work-from-Home (WFH) employees as productive as possible. For example, the top tier is 33 percent more likely to train their employees on work-from-home technologies. The top tier also does a better job of equipping their WFH employees—nearly three times as likely to say their employees’ collaboration tools are extremely effective.
  • General networking initiatives. Top-tier organizations are more engaged with cutting- edge initiatives that optimize remote work. For example, top-tier are 1.8 times as likely to be involved with robotic process automation.
  • Security initiatives. Finally, top-tier organizations are also more engaged with cutting-edge security initiatives. Top-tier reported being 1.4 times as likely to be involved with better security management and working with software-defined perimeters.

COVID-19 affected remote work

“In the report we found that these security initiatives stand out. My interpretation is that this is mostly around the challenges of securing people and apps that are outside the firewall. SASE (Secure Access Service Edge) is the biggest initiative in security today, and zero trust networks and software-defined perimeter are part of SASE. So it is fair to say Top-Tier CIOs have doubled down on SASE to make sure they can securely connect their work-from-home workers,” Daoudi told Help Net Security.

Global WAN optimization market to reach $4.88 billion by 2027

The global wide area network optimization market size is estimated to reach $4.88 billion by 2027, registering a CAGR of 9.5% from 2020 to 2027, according to Grand View Research.

global WAN optimization market

The growing need for efficient network optimization across business organizations is the major factor in driving the market growth. Moreover, in a bid to achieve improved Quality of Service (QoS) and productivity on their existing network, companies across the globe are increasingly deploying network optimization solutions, thereby supporting the market demand.

The ongoing COVID-19 pandemic has compelled several business organizations and educational institutions to shut their operations temporarily. The closure of educational institutes has necessitated students to use virtual offerings (example – Google Classroom) for learning.

In a bid to offer a unified digital learning experience to students, universities and institutions have been forced to deploy robust network infrastructure, necessitating the need for network monitoring and thereby driving demand for wide area network (WAN) optimization solutions.

Similarly, several enterprises have allowed their employees to work from home till the pandemic is contained, thereby necessitating a reliable and effective network monitoring solution to help minimize latency in the network and deliver an agile response to employees and clients. Therefore, the COVID-19 outbreak is expected to have a positive impact on market demand.

Global WAN optimization market: Key suggestions

  • In 2019, North America accounted for a market size of $914.60, attributed to the presence of a number of large enterprises and data centers.
  • The SD-WAN optimization solution segment is estimated to witness significant growth from 2020 to 2027, owing to the rapid deployment of SD-WAN across enterprises globally. The SD-WAN helps businesses to enhance their application performance and offers an enhanced user experience.
  • Cloud-based WAN optimization solutions segment is expected to witness remarkable growth over the forecast period on the back of benefits associated in terms of accessibility offered and infrastructure cost.
  • Increasing awareness regarding cost-benefit associated with a cloud-based business model has led to the increasing adoption of cloud-based WAN optimization solutions across large, medium, and small enterprises in the Asia Pacific. Increasing adoption of cloud-based solutions, especially across verticals including IT and telecom, healthcare, and retail is expected to help the region expand at a CAGR of 10.5% over the forecast period.
  • Prominent players such as Cisco Systems; Citrix Systems; and Vmware are strategically focusing on establishing partnerships to strengthen their client base and increase overall revenue share in the market.

With the introduction of the next-generation 5G network, many businesses and service providers are investing heavily in high-speed cloud-RAN (C-RAN) and core network deployments.

While C-RAN helps service providers to reduce huge costs associated with the infrastructure, the high-speed network needs continuous monitoring to ensure operational performance through minimal downtime. Thus, imminent need to minimize the downtime and thereby improve operational performance is expected to drive demand for WAN optimization solutions among business organizations.

With the advent of edge computing and its increased adoption across industry verticals, small-scale data center establishments are on the rise. To attain optimal computation and ensure unified communication during the data exchange process between data centers, businesses are increasingly deploying WAN optimization solutions.

Moreover, the key market players are significantly focusing on partnerships and collaborations with large service providers to capture market share.

Key players in the WAN optimization market
  • Cisco Systems
  • HPE (Silver Peak)
  • Riverbed Technology
  • Citrix Systems
  • Fortinet
  • Vmware
  • Broadcom (Symantec Enterprise)
  • FatPipe Networks
  • Versa Networks
  • Exinda
  • Blue Coat System
  • Infovista Corporation
  • NTT Communications
  • Aryaka Networks
  • Circadence Corporation
  • Array Networks
  • Sangfor Technologies

Financial impact of cyber-physical system attacks expected to grow

Liability for cyber-physical security incidents will pierce the corporate veil to personal liability for 75% of CEOs by 2024, according to Gartner.

cyber-physical system attacks

Due to the nature of cyber-physical systems (CPSs), incidents can quickly lead to physical harm to people, destruction of property or environmental disasters. Gartner analysts predict that incidents will rapidly increase in the coming years due to a lack of security focus and spending currently aligning to these assets.

The funcion of CPSs

CPSs are defined as systems that are engineered to orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). They underpin all connected IT, operational technology (OT) and Internet of Things (IoT) efforts where security considerations span both the cyber and physical worlds, such as asset-intensive, critical infrastructure and clinical healthcare environments.

“Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure CPSs, drastically increasing rules and regulations governing them,” said Katell Thielemann, research vice president at Gartner.

“In the U.S., the FBI, NSA and CISA have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry. Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.”

The financial impact of CPS attacks resulting in fatal casualties is predicted to reach over $50 billion by 2023. Even without taking the actual value of a human life into the equation, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant.

“Technology leaders need to help CEOs understand the risks that CPSs represent and the need to dedicate focus and budget to securing them,” said Ms. Thielemann. “The more connected CPSs are, the higher the likelihood of an incident occurring.”

Many enterprises not aware of CPSs already deployed in their org

With OT, smart buildings, smart cities, connected cars and autonomous vehicles evolving, incidents in the digital world will have a much greater effect in the physical world as risks, threats and vulnerabilities now exist in a bidirectional, cyber-physical spectrum.

However, many enterprises are not aware of CPSs already deployed in their organization, either due to legacy systems connected to enterprise networks by teams outside of IT, or because of new business-driven automation and modernization efforts.

“A focus on ORM – or operational resilience management – beyond information-centric cybersecurity is sorely needed,” Ms. Thielemann said.

The global cost of cybercrime per minute to reach $11.4 million by 2021

Cybercrime costs organizations $24.7, YOY increase of more than $2 every minute, a RiskIQ report reveals. It will also have a per-minute global cost of $11.4 million by 2021, a 100% increase over 2015.

cost cybercrime minute

The report covers the top threats facing today’s organizations, which are proliferating at a clip of 375 per minute, and reflects the current surge in attacks leveraging the COVID-19 pandemic.

Other malicious activity

  • 1.5 attacks on computers with an Internet connection per minute
  • 375 new threats per minute
  • 16,172 records compromised per minute
  • 1 vulnerability disclosed every 24 minutes
  • 5.5 vomain infringements detected per minute
  • 1 Magecart attack every 16 minutes
  • 1 COVID-19 blacklisted domain every 15 minutes
  • 35 COVID-19 spam emails analyzed per minute

“The sheer scale of today’s threat activity is driven by a variety of factors, including that cybercrime is easier than ever to participate in and better threat technology makes cybercriminals more effective and wealthier than in the past,” said Lou Manousos, CEO, RiskIQ.

Commonly used tactics

Tactics covered in the report range from phishing to domain infringement to supply chain attacks that target e-commerce, like the Magecart hacks that have increased by 30% since the COVID-19 outbreak began. The motives of cybercriminals include monetary gain, large-scale reputational damage, political motivations, and espionage.

“These stats show threat activity is widespread, but also show the power of threat intelligence in defending the enterprise,” Manousos said.

“More knowledge, greater awareness, and an increased effort to implement necessary security controls make a huge difference in stopping these threat actors in their tracks.”

Worldwide AI spending to reach more than $110 billion in 2024

Global spending on AI is forecast to double over the next four years, growing from $50.1 billion in 2020 to more than $110 billion in 2024.

ai spending forecast 2024

According to IDC, spending on AI systems will accelerate over the next several years as organizations deploy artificial intelligence as part of their digital transformation efforts and to remain competitive in the digital economy. The compound annual growth rate (CAGR) for the 2019-2024 period will be 20.1%.

“Companies will adopt AI — not just because they can, but because they must,” said Ritu Jyoti, Program VP, Artificial Intelligence at IDC.

“AI is the technology that will help businesses to be agile, innovate, and scale. The companies that become ‘AI powered’ will have the ability to synthesize information (using AI to convert data into information and then into knowledge), the capacity to learn (using AI to understand relationships between knowledge and apply the learning to business problems), and the capability to deliver insights at scale (using AI to support decisions and automation).”

Two of the leading drivers for AI adoption are delivering a better customer experience and helping employees to get better at their jobs. This is reflected in the leading use cases for AI, which include automated customer service agents, sales process recommendation and automation, automated threat intelligence and prevention, and IT automation. Combined, these four use cases will represent nearly a third of all AI spending this year. Some of the fastest growing use cases are automated human resources, IT automation, and pharmaceutical research and discovery.

AI spending forecast by industry

The two industries that will spend the most on AI solutions throughout the forecast are retail and banking. The retail industry will largely focus its AI investments on improving the customer experience via chatbots and recommendation engines while banking will include spending on fraud analysis and investigation and program advisors and recommendation systems.

Discrete manufacturing, process manufacturing, and healthcare will round out the top 5 industries for AI spending in 2020. The industries that will see the fastest growth in AI spending over the 2020-2024 forecast are media, federal/central government, and professional services.

COVID-19 caused a slowdown in AI investments across the transportation industry as well as the personal and consumer services industry, which includes leisure and hospitality businesses. These industries will be cautious with their AI investments in 2020 as their focus will be on cost containment and revenue generation rather than innovation or digital experiences,” said Andrea Minonne, senior research analyst, Customer Insights & Analysis, IDC.

“On the other hand, AI has played a role in helping societies deal with large-scale disruptions caused by quarantines and lockdowns. Some european governments have partnered with AI start-ups to deploy AI solutions to monitor the outcomes of their social distancing rules and assess if the public was complying with rules. Also, hospitals across Europe are using AI to speed up COVID-19 diagnosis and testing, to provide automated remote consultations, and to optimize capacity at hospitals.”

“In the short term, the pandemic caused supply chain disruptions and store closures with continued impact expected to linger into 2021 and the outyears. For the most impacted industries, this has caused some delays in AI deployments,” said Stacey Soohoo, research manager, Customer Insights & Analysis, IDC.

“Elsewhere, enterprises have seen a silver lining in the current situation: an opportunity to become more resilient and agile in the long run. Artificial intelligence continues to be a key technology in the road to recovery for many enterprises and adopting artificial intelligence will help many to rebuild or enhance future revenue streams and operations.”

Software, hardware and geographical trends

Software and services will each account for a little more than one third of all AI spending this year with hardware delivering the remainder. The largest share of software spending will go to AI applications ($14.1 billion) while the largest category of services spending will be IT services ($14.5 billion).

Servers ($11.2 billion) will dominate hardware spending. Software will see the fastest growth in spending over the forecast period with a five-year CAGR of 22.5%.

On a geographic basis, the United States will deliver more than half of all AI spending throughout the forecast, led by the retail and banking industries. Western Europe will be the second largest geographic region, led by banking, retail, and discrete manufacturing.

China will be the third largest region for AI spending with state/local government, banking, and professional services as the leading industries. The strongest spending growth over the five-year forecast will be in Japan (32.1% CAGR) and Latin America (25.1% CAGR).

How can companies avoid the risks of unexpected expenses related to cloud migration?

As companies shift to remote work and move business operations online because of the spread of COVID-19, they are increasingly relying on cloud services.

expenses cloud migration

Unexpected expenses and cloud migration

In fact, cloud spending hit a record $34.6 billion in the second quarter, representing a 30% bump year-over-year and 11% increase from the previous quarter. Further, nearly a third of IT budgets will be dedicated to cloud services by next year.

Tangoe advised companies about the risk of unexpected cloud migration expenses, while at the same time employees are also buying more self-service infrastructure to support working from home.

“Given the cost pressures many companies find themselves under because of the current economic environment, it is critical they employ a strategy for cloud investment that provides the best service to their organizations, while optimizing both their cloud infrastructure and corresponding spend,” said Brandon Henning, Chief Product Officer at Tangoe.

To maximize cloud investment and improve overall efficiency, companies are advised to take a few important steps now.

Achieve clear visibility into usage

An understanding of how the workforce is leveraging cloud technology plays a critical role in assessing the true ROI of these initiatives. This includes analyzing how usage has changed over time to better predict where increased or, in some cases, decreased, investment is needed.

Visibility goes beyond the IT department and extends into other parts of the business, such as finance, to ensure teams are aligned on how cloud spending benefits the business overall.

Reevaluate cloud infrastructure to optimize spend

Understanding the infrastructure purchased and how it aligns to what is required to support the business is critical for optimizing spend and cloud contracts.

Organizations may be able to shift from one vendor to another, or turn-up/turn-down reserve instances to better optimize infrastructure, spend and contracts. This requires having the right tools in place to provide the necessary visibility for making these assessments.

Establish proper tools for cloud environment maintenance for future investments

The modern enterprise will continue to shift to the cloud, so infrastructure requirements will only grow – and so will the associated costs of both infrastructure IT and unauthorized shadow IT purchases.

It is critical to ensure proper monitoring tools and processes are in place for keeping cloud costs under control. By proactively identifying areas in which spending can be better controlled, organizations are able to improve efficiency and adjust budget allocations to support future investments.

“There’s no arguing that cloud is driving the way businesses operate today. The ability to expand and manage these environments will be the key differentiator in successfully future-proofing business models and avoiding potential disruptions,” Henning said.

Brand impersonation is a go-to tactic for attackers, especially for credential phishing and BEC attacks

Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report.

Q2 2020 email security

The report also reveals that Zoom supplanted American Express as the most impersonated brand in email attacks.

There have been surges in COVID-19-themed email security attacks, which continued in Q2, with weekly campaign volume increasing 389% between Q1 and Q2. There has also been a continued increase in BEC attacks targeting finance department employees over C-level executives, which grew by 50% quarter-over-quarter.

A spike in payment and invoice fraud attacks

Payment and invoice fraud attacks, largely driven by vendor fraud, grew by 112% over the last quarter, spiking at the end of June. For the first time, a surge in payment and invoice fraud related to the pandemic has been detected.

BEC-specific attacks also saw an acceleration of attack campaign volume, growing by 11% over Q2 as hackers took advantage of new work-from-home scenarios. As BEC attacks are highly targeted and sophisticated, designed to dupe key targets with the potential to lead to big payouts, this increase is substantial in nature.

The shift to remote work makes employees more susceptible to BEC attacks and gives threat actors the opportunity to apply tactics likely to be successful given these working conditions.

“The pandemic has ignited digital transformation efforts at a breakneck pace and cybercriminals are moving just as fast, taking advantage of a new work-from-home landscape amid great business uncertainty,” said Even Reiser, CEO, Abnormal Security.

“Keeping pace with change is critical, as attackers have continued to exploit enterprises’ weak links – such as vendor and partner relationships – and are pushing more sophisticated and targeted BEC attacks than we’ve seen previously.”

Q2 2020 email security

Changing trends in brand impersonation attacks

The report also uncovered changing trends in brand impersonation attacks, a form of fraud where a bad actor assumes the identity of a trusted or known entity. These attacks tend to follow the zeitgeist, which may help explain why Zoom became the most impersonated brand in Q2 due to its instant popularity and ubiquity.

Rounding out the top three were two other brands very much associated with COVID-19 shifts toward e-commerce and delivery: Amazon and DHL. For comparison, the three most impersonated brands in Q1 2020 were American Express, Amazon and iCloud.

“Our analysis of BEC and email security trends in Q3 will certainly prove to be interesting as we expect a downward trend in COVID-19-related attacks, an uptick in attacks related to the 2020 election and a continued rise in BEC, as attackers find success with socially-engineered techniques that evade traditional email security defenses,” said Reiser.

“Business leaders need to continue to focus on reviewing email security measures, most importantly examining BEC defenses, to ensure protection against attackers who are gaining steam.”

Save-to-transform as a catalyst for embracing digital disruption

Organizations that invest in key capabilities today to navigate a post COVID-19 business environment can position themselves to thrive in the “next normal”, according to a Deloitte survey.

embracing digital disruption

The survey also found that expectations for positive revenue growth have declined significantly since the 2019 edition of the study, and two-thirds of respondents expect at least one more wave of COVID-19 relapses to occur. As a result, 66% of companies globally now expect to pursue cost reduction over the next 12 months, compared to 38% before the pandemic.

In addition, the percentage of respondents pursuing cost reduction targets greater than 10% increased by 61% (25 percentage points) compared to pre-COVID-19 levels.

The report, conducted between June and July 2020, aims to understand the short- and long-term impacts of the COVID-19 crisis on global cost management, performance improvement practices and transformation trends.

Survey results include responses from 1,089 global executives from 14 countries in the U.S., Latin America, Europe and Asia Pacific regions that have direct involvement in their companies’ cost management and enterprise transformation efforts.

Shifting cost management strategy from “Save-to-Transform”

The 2019 survey, conducted prior to the COVID-19 pandemic, found that the prevailing mindset for strategic cost management and enterprise transformation was “Save-to-Transform.”

In this approach, businesses evolve through infrastructure investments in digital technologies. In turn, these technologies can deliver dramatic improvements in competitiveness, performance and operating efficiency.

In response to the pandemic, the survey shows that organizations are evolving into a “Save-to-Thrive” mindset, in which they are accelerating strategic transformation actions specifically in response to challenges posed by COVID-19 to make shifts to their operating models, products and services and customer engagement capabilities.

“The Save-to-Thrive framework will be essential to success in the next normal as companies rely on technology and digital enablement — with a renewed emphasis on talent — to improve their plans for strategic cost transformation and overall enterprise performance improvement,” said Omar Aguilar, principal and global strategic cost transformation leader, Deloitte Consulting.

“Companies that react quickly and invest in technology and digital capabilities as they pursue the strategic levers of cost, growth, liquidity and talent will be best-positioned to succeed.”

Business challenges in a COVID-19 world

As countries responded to the pandemic by implementing restrictions such as stay-at-home orders and mandatory shutdowns, organizations began to experience demand-driven financial impacts.

According to the study, the top external challenge reported globally is a drop in consumer demand (74%), followed by a related shift in consumer behavior (67%). Cybersecurity vulnerabilities (65%) and supply chain challenges (65%) were also reported by survey respondents as top issues impacting their organizations.

In addition, industry-specific impacts are posing challenges — though they vary significantly by sector. A decline in revenue is expected by 61% of transportation sector and 60% of hospitality sector respondents, many of whose operations have been significantly curtailed by consumer demand and public health measures.

On the positive side, revenue growth is expected by 63% in the medical technology sector followed closely by telecom (58%), pharmaceuticals (58%) and software and information technology services (57%).

Finally, inability to adjust cost structure to meet demand is the top internal challenge globally and across all regions. Inability to meet employee safeguards and satisfy increased demand round out the top three internal challenges globally.

Coping with COVID-19: respond, recover, thrive

Current actions to address the COVID-19 crisis can be divided into three major stages: “respond” (immediate actions to respond to the crisis), “recover” (stabilize operations), and “thrive” (defined strategy with structural changes to thrive).

These stages culminate into a long-term operating environment we call the “next normal,” which represents new business conditions established as a result of the societal, commercial and technological changes caused by public and private reactions to COVID-19.

Today, survey respondents report that they are mostly in the “recover” phase as they respond to the immediate crisis and turn to recovery actions. The study also shows, as organizations move through these phases, that expectations for revenue growth, although down from pre-COVID-19 levels, remain somewhat positive in the respond stage (55%) and “recover” stage (58%).

In the “thrive” stage, the vast majority of companies globally (74%) and in all regions have a positive outlook for revenue growth, with only 24% globally expecting flat or declining revenue.

Lastly, automation has emerged as the top transformation action with about 2 in 3 companies expecting to pursue automation in all three stages of the respond-recover-thrive framework.

Succeeding in the next normal: New business conditions after COVID-19

When mapping out strategies to respond, recover and thrive, organizations should have informed insights about the future business environment. The 2020 Cost and Transformation Survey reports several trends that are shaping the next normal, including:

  • Revenue sources will be fundamentally different: According to the survey, the fastest growing revenue sources will be: digital channels; new products and services; and domestic operations.
  • IT infrastructure, remote work, and digital channels will be the top operating model priorities: The survey reports the top priorities as: enhance IT infrastructure (78%); enable remote work (76%); and enable pre-sale, sale and post-sale activities through digital channels (72%).
  • Top product strategies for the next normal focus on innovation, health and safety measures and customization: Globally, the top product strategies include: adjust, redesign or innovate your product/service offering to expand to adjacent and/or new markets (74%); leverage new health and safety measures by redesigning your current product/service offering (73%); and customize products or services to meet new customer and/or government requirements (74%).
  • Next normal customer engagement strategies will be driven by digital channels and flexible customer experiences: Globally, the most popular strategy for customer engagement will be to shift most transactions to digital channels (75%).
  • Cybersecurity and cloud will be the key technologies: Respondents report the most relevant technologies in the next normal will be cybersecurity solutions (80%) and cloud computing (80%).

“Our 2020 Global Cost and Enterprise Transformation survey shows how organizations that strategically pursue cost reduction in the wake of COVID-19, while concurrently reimagining the enterprise and transforming work and business models, can be more successful in the next normal,” said Sam Balaji, Deloitte global consulting leader.

“Investing in critical technology capabilities such as cloud and digital can increase business agility, improve competitiveness and better prepare organizations to persevere, and position them well for the post-COVID environment.”

Pandemic accelerates investments in tech, automation, workplace transformation

Umpqua Bank released a survey gauging the impact of the COVID-19 pandemic on the confidence and future of U.S.-based small and mid-size businesses. More than 1,200 leaders at companies across all industries and geographic regions were surveyed on how their businesses are responding and what they will need in the months ahead to navigate successfully through a once-in-a-lifetime global pandemic event.

pandemic investments

“There’s no denying that the pandemic’s economic impact is deep and continues to be painful for businesses, but there is reason for measured optimism,” said Umpqua Bank President Torran Nixon.

“Small and mid-size businesses are showing resilience and ingenuity in the face of unprecedented disruption and uncertainty. Our research indicates that many have already made strategic pivots that in some cases have made them more competitive, and many more are preparing to pull all the levers at their disposal to emerge healthier, more efficient and better able to serve their customers in the long run.”

Survey participants come from businesses that weathered the initial economic shutdown but face continued uncertainty and are a primary audience for financial assistance through the federal Paycheck Protection Program.

They represent a broad cross-section of U.S. enterprises that drive significant job creation and prosperity, including middle market companies with at least $10 million in annual revenue that contribute $6 trillion to the U.S. economy annually and employ 44 million Americans.

Pandemic investments in tech, automation accelerate

Even as a significant majority of mid-size companies delay or cut spending in several areas, including outside vendors, marketing and promotions, hiring and benefits, nearly 5 in 10 have increased spending on technology, digital transformation or automation.

More than 80% of businesses have already begun automating or plan to automate tasks previously performed by workers, and 76% are exploring ways to digitize the customer experience.

Though smaller businesses are less likely to have concrete plans to make these shifts, moving toward automation and digital customer experience still rank as two of the top priorities for 29% and 46% of small businesses, respectively.

Companies adapting and reinventing their business

Mid-size companies in particular are making significant changes to lines of products and services, with 75% reporting they have or plan to do so. Roughly 30% of small businesses report a similar strategic shift.

Nearly 80% of mid-size companies have already (17%) or are likely (61%) to make changes to their pricing model.

The potential of long-term workplace changes

The U.S. workforce has experienced significant upheaval in recent months. According to the report, some of the changes could have long-lasting impact. Remote workplace, for example, could be here to stay as nearly 8 in 10 mid-size and almost 50% of small businesses are moving now and planning in the future to allow more employees to work from home.

More than 60% of mid-size companies are also likely to replace current employees to add different skillsets, as well as move away from a traditional staffing model in favor of utilizing more contract workers.

Measured 12-month optimism is coupled with planning for expansion

Nearly 7 in 10 businesses expect their revenue to remain stable (40%) or increase (29%) the next year. Another 66% expect their profitability to remain stable (40%) or increase (26%) in the next year.

Despite the challenging environment, roughly 70% of mid-size businesses are also thinking about expansion plans, with businesses in the Western U.S. leading all other regions in planning.

Some businesses are stronger, focused on positive, long-term changes

Though many businesses have been negatively impacted by the pandemic, not all businesses have been impacted adversely. Nearly a quarter of businesses report a stronger competitive advantage. Another 41% say they’re adapting and making changes that will make them profitable and competitive long term.

According to Richard Cabrera, Umpqua’s head of commercial & corporate banking, there’s tremendous opportunity for financial institutions to continue rising to the occasion following the Paycheck Protection Program by providing tailored solutions that preserve cashflow and create efficiencies necessary to remain competitive in the current and post-COVID economy.

“The stakes in the current economy are high, and the pandemic is clearly forcing companies to carefully consider key aspects of their business and go-forward strategy,” said Cabrera.

“With the help of experts in banking and other professional services, many small and mid-size enterprises will emerge from this crisis looking and behaving very differently, which likely will contribute to significant shifts in the U.S. economy as a whole.”