Site Search

Loading Results

Resilience as the new standard

Joseph Coltson Partner, National Cyber Forensics Investigations Leader, PwC Canada 06 January, 2023

Strategically strengthen your organization’s cybersecurity posture

The cyber threat landscape is becoming increasingly volatile—and as the number of incidents and breaches rises, so does cybersecurity spending overall. The vast majority of Canadian respondents to PwC’s most recent Global Digital Trust Insights survey report experiencing more exposure to cyberattacks due to increased digitization over the last two years. And nearly two-thirds expect their organization’s cyber budget to increase in 2023.

But many executives aren’t convinced all this spending is paying off. Only slightly over half (51%) of Canadian cyber decision-makers feel their organization’s cyber budget is adequate for cybersecurity to create value for their organization.

Many organizations are having trouble moving beyond the inefficient practice of isolated threat response to holistic risk awareness and mitigation. Four out of ten Canadian respondents report their organization focuses on isolated risk scenarios and how to recover from each individually, and only 57% are formally incorporating a catastrophic cyberattack into their organizational resilience plans. Organizations taking a fragmented approach to cyber are quickly losing ground to competitors: even if their overall security maturity isn’t changing, they’re spending time and resources fighting fires that should be spent on business priorities.

So what can executives do to move their organization from responding to specific crises to better awareness and mitigation of risks across their cyber ecosystem?

Where to start? Key considerations when strengthening cyber resilience

The first step is to identify exactly where your organization needs to mature. It’s crucial to make sure your workforce has the specific cyber skills needed and that your organization has access to the latest hardware and software to get visibility across the threat landscape and respond quickly and effectively to issues.

In the current environment of quickly increasing cyber threats and costs, sometimes the right move is to build a relationship with an external organization with the strategic cyber capabilities needed. This can provide an organization with the speed, agility and innovation that are crucial to building cyber resilience.

For example, we were recently engaged by a large national not-for-profit organization that had been the victim of a cyber breach.* At the time of engagement, this organization had a very limited IT capacity. By engaging with us, they were able to respond immediately to the crisis and get to a much more sophisticated security posture quickly without taking on the responsibility of setting up—and maintaining—the systems and staff needed. We’ve onboarded a number of managed cybersecurity services, and with the completion of each project, we’re strategically increasing the maturity of the organization.

Strong relationships with leadership at this organization have been integral to the process of enhancing organizational resilience. We’ve used the visibility we have across the industry, as well as intelligence from our own tech providers, to develop table-top exercises for executives. These exercises mimic a particular type of attack to give leaders insights into their readiness to respond. We’re also generating discrete playbooks that outline how to respond to specific issues. In addition to helping organizational leaders know what to do, these playbooks provide clarity around the level of support we provide.

There’s now been a measurable improvement in this organization’s ability to detect, respond and act on threats. Through biannual maturity assessments, we provide them with concrete examples of the outcomes we’ve achieved—increased strength and resilience—to share with their leadership and board.

Don’t wait and see: Take a strategic approach to cybersecurity now

We see many organizations taking a wait-and-see approach to cyber, choosing to deal with incidents or breaches as they happen rather than taking a more proactive approach. But this is an inherently risky strategy, especially for organizations maintaining personally identifiable information and/or operating internationally. And as the volume of attacks continues to increase, this approach is becoming simply untenable.

The time is now to strategically strengthen your organization’s cybersecurity posture and move towards a position of resilience. Build a cyber roadmap for your organization, and make sure all stakeholders understand it and are aware of any partnerships in place: C-suite communication around cyber is paramount. Ensure your organization is cyber-ready to secure your digital future and unlock business opportunities.

Looking to strengthen your organization’s cyber resilience and mitigate risks across your cyber ecosystem? Contact us to learn more.

* On a going-forward basis, we’re anonymizing all our clients in cyber publications to safeguard their security and privacy.

Related Content

Contact us

Joseph Coltson

Joseph Coltson

Partner, National Cyber Forensics Investigations Leader, PwC Canada

Tel: +1 416 687 8262

Email
Umang Handa

Umang Handa

Partner, National Cybersecurity Managed Services Leader, PwC Canada

Tel: +1 416 815 5208

Linkedin Follow Email
Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Linkedin Follow Email
Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Linkedin Follow Email
Follow PwC Canada
Today's issues Top issues Acquisitions and Divestitures Building trust for today and tomorrow Compliance. Transformed. Crisis Cybersecurity, Privacy and Financial Crime Environmental, social and governance (ESG) Fit for Growth Future of finance Generative AI Workforce of the future
Insights All Insights Blogs CEO survey Cloud Technology Insights Director connect Generative AI Hub Podcasts Risk and Regulatory Hub Smart cities Strategy& strategy+business
Industries Industries Asset management Automotive Banking & capital markets Cannabis Consumer markets Energy Entertainment and media Financial services Government and Public Services Healthcare Industrial manufacturing Insurance Mining Power & utilities Private equity Real estate Technology sector Telecommunications innovation Transportation and logistics
Services Services Accounting Advisory Services Alliances Audit and Assurance Consulting Crisis and resilience Current Insolvency Assignments Data and analytics Deals Forensic Services Japanese Business Network Legal Managed Services Products PwC Private Risk Assurance Risk Modelling Services Tax Transformation and investment management
About us About Us 2023 new partners Board of directors Alumni Contact us Corporate responsibility Ethics and Code of Conduct Inclusion and diversity Our Canadian leadership team Our history Our offices locations Our people Our purpose, vision and values Press releases Procurement at PwC The New Equation Women in Leadership
Careers Careers Explore our business areas Student and new graduate opportunities Life at PwC Canada Benefits, flexibility and wellness Talent Community

© 2018 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.