Effective cybersecurity starts at the top

PwC’s latest Global Digital Trust Insights (DTI) Survey paints a mixed picture when it comes to cyber risks: on the one hand are the more than 70% of the survey’s 3,522 respondents who said, encouragingly, their company has made improvements in cybersecurity in the past year. On the other are the mere 3% who said they’d fully mitigated the risk associated with all the cyber initiatives they’d undertaken. Given that any digital security breach is tantamount to a breach of trust in the eyes of today’s stakeholders, the reality is that cybersecurity is now everyone’s business, not just the CISO’s. The responsibility of getting that message across, and backing it up with concrete actions, falls squarely on the shoulders of the CEO, whose foremost job, after all, is building and keeping trust.

In this regard, the DTI Survey’s findings suggest that companies are moving in the right direction, with 51% of CEOs and board members saying they’ve demanded cyber risk management plans for major business or operational changes. Those kinds of big changes may be the most effective way to improve an organisation’s cyber posture—and only the CEO can instigate them. To maintain the momentum, CEOs need to speak out about their commitment to cyber. And they need to use their influence to inspire sweeping changes and remove organisational barriers to C-suite coordination. Here, too, the survey shows progress is being made, with 46% of CEOs saying they have plans in place to give their CISO more authority to drive collaboration on security in the coming year. With the pace of digitisation showing no signs of slowing, that kind of CEO-driven collaboration is more crucial than ever.