As threats become more interconnected, incidents are getting costlier and more frequent, according to a new PwC survey. A systemic response rests on five key actions.
CISOs should rewrite the playbook for cyber breaches | PwC
October 19, 2023
Major cyber breaches—those costing the victimised company more than US$1 million—were up by a third over the past year, according to the findings from PwC’s latest Global Digital Trust Insights survey. What’s behind the alarming trend? One factor is the increasing interconnectedness of cyber risks.
Consider cloud-related threats, which survey respondents deemed their top concern. What might begin as a single cloud breach can quickly evolve into a persistent and multipronged infiltration, with intruders working from within company systems to extract data and leak it, for example, or launch a ransomware attack.
CISOs and their leadership teams need to respond to these growing threats imaginatively, and with a determination to break through silos. The survey zeroes in on five potential ways to do this.
- Try new ways of managing cyber risk. Use more sophisticated approaches to cyber-risk modelling, such as scanning for threats using formulas specific to your company’s sector, vision and strategy. Try creating a risk-linked performance incentive for bonus-eligible employees, or introducing a bug bounty programme that rewards independent security research. Also introduce a cloud-based, centrally managed identity solution to ensure that access to systems remains secure as your business expands and the number of users grows.
- Use gen AI and managed services to free your teams. Liberating your employees from tedious tasks that can be handled by AI—with the appropriate guardrails in place—and by managed services partnerships can give your people the time and space to ponder new ways to thwart cyber threats.
- Welcome cyber into the boardroom. Making cyber risks and controls a staple topic in the boardroom can help give CISOs a voice in how cybersecurity fits into major strategic initiatives and how it furthers business and revenue growth.
- Frame cybersecurity as more than defensive. Describing cybersecurity as a whole-of-business endeavour is a central part of the CISO’s job nowadays, but still, it can’t be said enough: securing the company against threats—to financial records, to proprietary research, to customer data, to the brand itself—is more than playing defense. The innovations engendered by these efforts can save money and help the business grow.
- Speak a new language. CISOs should talk to customers, investors and business partners in annual security reports in ways that inform and engage. Using common vocabularies—and avoiding insider terminology—can help executives wrestle with the trade-offs, tensions and chaos that happen at the epicenter of innovation.
Explore the full findings of PwC’s 2024 Global Digital Trust Insights.
Contact us
Contact us
Jiří Moser
Country Managing Partner and CEE Advisory leader, PwC Czech Republic
Tel: +420 251 152 048
Azamat Konratbayev
Managing Partner, PwC Eurasia Assurance Leader, PwC Kazakhstan
Tel: +7 727 330 3200
Mekong Territory Senior Partner and CEO for PwC Thailand, PwC Thailand
Tel: +66 (0) 2844 1000
Abdulkhamid Muminov
Partner, Eurasia Tax, Legal and People Services Leader , PwC Uzbekistan
Tel: +998 78 120 61 01
Shirley Machaba
Regional Senior Partner, PwC South Market Area, PwC South Africa
Tel: +27 (0) 11 797 5851
