Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organisations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society.
PwC launched its 2018 Global State of Information Security® Survey (GSISS), based on responses of more than 9,500 senior business and technology executives from 122 countries.
Executives worldwide acknowledge the increasingly high stakes of cyber insecurity. Forty percent of survey respondents cite the disruption of operations as the biggest consequence of a cyberattack, 39% cite the compromise of sensitive data, 32% cite harm to product quality, and 22% cite harm to human life.
Yet despite this awareness, many companies at risk of cyberattacks remain unprepared to deal with them. Forty-four percent say they do not have an overall information security strategy. Forty-eight percent say they do not have an employee security awareness training programme, and 54% say they do not have an incident-response process.
How cyber interdependence drives global risk
Case studies of non-cyber disasters have shown that cascading events often begin with the loss of power—and many systems are impacted instantaneously or within one day, meaning there is generally precious little time to address the initial problem before it cascades. Interdependencies between critical and non-critical networks often go unnoticed until trouble strikes.
Many people worldwide—particularly in Japan, the United States, Germany, the United Kingdom and South Korea—are concerned about cyberattacks from other countries. Tools for conducting cyberattacks are proliferating worldwide. Smaller nations are aiming to develop capabilities like those used by larger countries. And the leaking of US National Security Agency (NSA) hacking tools has made highly sophisticated capabilities available to malicious hackers.
When cyberattacks occur, most victimized companies say they cannot clearly identify the culprits. Only 39% of survey respondents say they are very confident in their attribution capabilities.
The soaring production of insecure internet-of-things (IoT) devices is creating widespread cybersecurity vulnerabilities. Rising threats to data integrity could undermine trusted systems and cause physical harm by damaging critical infrastructure.
Meanwhile, there is a wide disparity in cybersecurity preparedness among countries around the world. In our 2018 GSISS, the frequency of organisations possessing an overall cybersecurity strategy is particularly high in Japan (72%), where cyberattacks are seen as the leading national security threat, and Malaysia (74%).
In May 2017, G-7 leaders pledged to work together and with other partners to tackle cyberattacks and mitigate their impact on critical infrastructure and society. Two months later, G-20 leaders reiterated the need for cybersecurity and trust in digital technologies. The task ahead is huge.
Next steps for business leaders
So what can business leaders do to prepare effectively for cyberattacks? PwC recommends three key areas of focus:
"Few business issues permeate almost every aspect of business and commerce like cybersecurity does today," said David Burg, Global Cybersecurity Leader at PwC. "Public-private coordination is critical to effectively addressing cybersecurity."
Bruce Scott, Risk Assurance Leader for PwC in the Caribbean noted that “Beyond complying with additional regulations, we at PwC are motivated by the amount of financial data that could be impacted by the risk of cyberattacks. The upside is that these pressures have led to the fine-tuning of best practices when it comes to cybersecurity in financial services."
"When business leaders have the ability to collect the right information and convert this into actionable intelligence, they are empowered with a deeper understanding of their business, and of the drivers that impact performance. This allows for timely and better decision making.”
Notes to editors:
CIO focuses on attracting the highest concentration of enterprise CIOs and business technology executives with unparalleled peer insight and expertise on business strategy, innovation, and leadership. As organizations grow with digital transformation, CIO provides its readers with key insights on career development, including certifications, hiring practices and skills development.
The award-winning CIO portfolio—CIO.com, CIO executive programs, CIO Strategic Marketing Services, CIO Forum on LinkedIn, CIO Executive Council and CIO primary research—provides business technology leaders with analysis and insight on information technology trends and a keen understanding of IT’s role in achieving business goals. The CIO Executive Council is a professional organization of CIOs created to serve as an unbiased and trusted peer advisory group. CIO is published by IDG Communications, Inc. Company information is available at www.idg.com.
CSO is the premier content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than 15 years, CSO’s award-winning website (CSOonline.com), executive conferences, strategic marketing solutions and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience.
Based on editorial coverage and design, the Folio Eddie awards named CSOonline.com as the best BtoB Technology Website in 2015 and 2016. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Communications, Inc. Company information is available at www.idg.com.
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com/jm
© 2017 PricewaterhouseCoopers. All rights reserved. PwC refers to the Jamaica member firm and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.