IT governance and cybersecurity

Overseeing a company's information technology activities is a significant challenge for directors. The rapid advancement, complex subject matter, and highly technical language used to describe emerging technologies and evolving risks can make this a very difficult area.

PwC’s Current Issues in Digital Management report estimates that by 2020, there will be seven times more networked devices than people in the world. Many companies are relying heavily on technology to get ahead, while failing to adequately address and mitigate the associated risks. Cyber risk impacts nearly all companies and is top of mind for directors.

According to US government estimates, the industry loses $300 billion annually to intellectual property theft via faulty cybersecurity.1

US CEOs (69%) are more concerned about cyber threats, including lack of data security, than global CEOs (48%). This fear exists even as 86% of US CEOs say technological advances will lead the way in transforming business over the next five years. Cybersecurity is now considered to be among the top five threats to growth.2

Under an executive order by President Obama in 2013, the National Institute of Standards and Technology released the Cybersecurity Framework. It is organized into three sections: framework core, tiers, and profiles. The core section helps organizations identify, detect, respond to, and recover from threats. The tier section instructs companies on how to analyze whether they have met the standards and goals required by the framework, while the profile section allows organizations to construct and track individual cybersecurity progress towards a specific goal set forth by business needs.3

There was a noteworthy year-over-year increase in directors’ satisfaction with their company’s IT strategy and IT risk mitigation approach.4 More directors now believe their company’s approach very much contributes to, and is aligned with, setting overall company strategy as well as providing the board with adequate information for effective oversight. A greater percentage also believe that their company’s approach is supported by a sufficient understanding of IT at the board level.

Cybersecurity breaches are at an all-time high. However, nearly half of directors have not discussed the company’s crisis response plan in the event of a breach and 67% have not discussed the company’s cybersecurity insurance coverage.4

Efficient IT governance and cybersecurity oversight can be facilitated by a process that is designed with the board's oversight role in mind. To better guide boards on how to take an effective oversight role, PwC developed Directors and IT―What Works Best: A user-friendly board guide for effective information technology oversight, which introduces our IT Oversight Framework, to help boards figure out their responsibility and the most effective way to oversee IT at their companies.



1 “The IP Commission Report: The Report of the Commission on the Theft of American Intellectual Property,” May 2013.
2 PwC’s 17th Annual Global CEO Survey, February 2014, p. 77.
3 Framework for Improving Critical Infrastructure Cybersecurity, National Institute of Standards and Technology.
4 PwC’s 2014 Annual Corporate Directors Survey, p. 27.