Resilience as the new standard

Joseph Coltson Partner, National Cyber Forensics Investigations Leader, PwC Canada 06 January, 2023

Strategically strengthen your organization’s cybersecurity posture

The cyber threat landscape is becoming increasingly volatile—and as the number of incidents and breaches rises, so does cybersecurity spending overall. The vast majority of Canadian respondents to PwC’s most recent Global Digital Trust Insights survey report experiencing more exposure to cyberattacks due to increased digitization over the last two years. And nearly two-thirds expect their organization’s cyber budget to increase in 2023.

But many executives aren’t convinced all this spending is paying off. Only slightly over half (51%) of Canadian cyber decision-makers feel their organization’s cyber budget is adequate for cybersecurity to create value for their organization.

Many organizations are having trouble moving beyond the inefficient practice of isolated threat response to holistic risk awareness and mitigation. Four out of ten Canadian respondents report their organization focuses on isolated risk scenarios and how to recover from each individually, and only 57% are formally incorporating a catastrophic cyberattack into their organizational resilience plans. Organizations taking a fragmented approach to cyber are quickly losing ground to competitors: even if their overall security maturity isn’t changing, they’re spending time and resources fighting fires that should be spent on business priorities.

So what can executives do to move their organization from responding to specific crises to better awareness and mitigation of risks across their cyber ecosystem?

Where to start? Key considerations when strengthening cyber resilience

The first step is to identify exactly where your organization needs to mature. It’s crucial to make sure your workforce has the specific cyber skills needed and that your organization has access to the latest hardware and software to get visibility across the threat landscape and respond quickly and effectively to issues.

In the current environment of quickly increasing cyber threats and costs, sometimes the right move is to build a relationship with an external organization with the strategic cyber capabilities needed. This can provide an organization with the speed, agility and innovation that are crucial to building cyber resilience.

For example, we were recently engaged by a large national not-for-profit organization that had been the victim of a cyber breach.* At the time of engagement, this organization had a very limited IT capacity. By engaging with us, they were able to respond immediately to the crisis and get to a much more sophisticated security posture quickly without taking on the responsibility of setting up—and maintaining—the systems and staff needed. We’ve onboarded a number of managed cybersecurity services, and with the completion of each project, we’re strategically increasing the maturity of the organization.

Strong relationships with leadership at this organization have been integral to the process of enhancing organizational resilience. We’ve used the visibility we have across the industry, as well as intelligence from our own tech providers, to develop table-top exercises for executives. These exercises mimic a particular type of attack to give leaders insights into their readiness to respond. We’re also generating discrete playbooks that outline how to respond to specific issues. In addition to helping organizational leaders know what to do, these playbooks provide clarity around the level of support we provide.

There’s now been a measurable improvement in this organization’s ability to detect, respond and act on threats. Through biannual maturity assessments, we provide them with concrete examples of the outcomes we’ve achieved—increased strength and resilience—to share with their leadership and board.

Don’t wait and see: Take a strategic approach to cybersecurity now

We see many organizations taking a wait-and-see approach to cyber, choosing to deal with incidents or breaches as they happen rather than taking a more proactive approach. But this is an inherently risky strategy, especially for organizations maintaining personally identifiable information and/or operating internationally. And as the volume of attacks continues to increase, this approach is becoming simply untenable.

The time is now to strategically strengthen your organization’s cybersecurity posture and move towards a position of resilience. Build a cyber roadmap for your organization, and make sure all stakeholders understand it and are aware of any partnerships in place: C-suite communication around cyber is paramount. Ensure your organization is cyber-ready to secure your digital future and unlock business opportunities.

Looking to strengthen your organization’s cyber resilience and mitigate risks across your cyber ecosystem? Contact us to learn more.

* On a going-forward basis, we’re anonymizing all our clients in cyber publications to safeguard their security and privacy.

Contact us

Joseph Coltson

Joseph Coltson

Partner, National Cyber Forensics Investigations Leader, PwC Canada

Tel: +1 416 687 8262

Umang Handa

Umang Handa

Partner, National Cybersecurity Managed Services Leader, PwC Canada

Tel: +1 416 815 5208

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Follow PwC Canada