Digital businesses that lead in safety, security, reliability, privacy and data ethics will be the titans of tomorrow.
If the lifeblood of the digital economy is data, its heart is digital trust—the level of confidence in people, processes, and technology to build a secure digital world. Companies, regulators, and consumers need fresh mechanisms to build confidence as they address emerging challenges in business, risk management, and compliance.
In the tradition of its predecessor, The Global State of Information Security® Survey, PwC’s inaugural Digital Trust Insights survey draws on data from 3,000 business leaders in 81 territories. We have uncovered 10 major opportunities for improvement around people, processes and technology, and we have actionable advice to get you there. Digital trust is a journey—make certain you have the right people, the right tools, and the agility to reach the top.
People, Process, Technology
Engage security experts at the start of digital transformations: Nine in ten of our survey respondents at companies executing digital transformation projects say they include security and privacy personnel as stakeholders. Also, nine in ten say they include proactive management of cyber and privacy risks by design in the project plan and budget. But only 53% say that proactive risk management measures are baked into the project “fully from the start.” Businesses worldwide can do better.
Upgrade your talent and leadership team: Without the right team in place, managing risks around security, privacy and ethics becomes a much steeper climb. Our findings show key roles such as chief information security officer, chief security officer, chief privacy officer, chief risk officer and chief data officer are often absent at many companies.
Improve communications and engagement with the board of directors: Most respondents responsible for communicating with the board on cyber and privacy risks say that their company has provided the board with strategies for cybersecurity (80%) and privacy (83%). Many of these same businesses, however, may have doubts or concerns around their internal reporting on cybersecurity and privacy metrics. Only 27% of respondents say they are very comfortable that the board is receiving adequate reporting on metrics for cyber and privacy risk management.
Follow up with process strategies that continue to build trust
Tie security to business goals: As corporate leaders aggressively adopt technology-driven business models, cybersecurity programs are increasingly misaligned with the business. Only 23% say they plan to invest over the next year in aligning business objectives with information security strategy.
Build lasting trust around data: As the amount of data in the world soars, more companies could be at risk of crossing ethical red lines as they pursue new ways to monetize it. Among businesses worth more than $100 million, only about half say they are making large investments in data governance, in creating transparency in the use and storage of data and toward increasing the control individuals have over their data.
Boost cyber resilience: Cyber resilience includes the agility of both defense and recovery capabilities. Resilient systems help companies to sustain operations when possible amid cyberattacks, and to rapidly recover in the event of disruption. Only about half of medium and large businesses in key sectors say they are building resilience to cyberattacks and other disruptive events to a large extent. And fewer than half of them say they are very comfortable their company has adequately tested its resistance to cyberattacks.
Know thy enemies: Cyber threat worries vary by industry and company size. Over the last year, concerns about state-sponsored hackers increased most in financial services (33%), while anxiety about cybercriminals spiked in consumer markets (50%) and the biggest rise in unease about industrial espionage was in the TMT sector (51%), according to respondents from medium and large businesses. Only 31% of respondents worldwide, however, say they are very comfortable their company has identified those parties who might attack its digital assets.
Be proactive in compliance: Respondents say the top digital compliance and ethics challenges worldwide include staying aware of the latest regulatory developments (41%); complying with current regulations (37%); and preparing for future regulations (34%). Brazil's data protection law is a recent example of new legislation. Perhaps the best-known example is the European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018. Fewer than half of companies worth more than $100 million say they are fully ready to comply with GDPR.
Keep pace with emerging technology: Not surprisingly, most respondents (81%) say IoT is critical to at least some of their business. Only 39%, however, say they are very confident they are building sufficient “digital trust” controls—security, privacy and data ethics—into their adoption of IoT. (An additional 30% say they are “somewhat confident.”) In addition, only 30% list IoT security among the safeguards they plan to invest in this year.
Survey respondents have even less confidence in the sufficiency of their digital trust controls for other emerging technologies such as artificial intelligence (AI).
Although 70% of respondents say AI is critical to at least some of their business, only 31% are very comfortable they are building sufficient digital trust controls into their adoption of AI. The many possible uses of AI include early identification of potential pandemics, autonomous vehicles, and faster and more efficient cybersecurity. Only 22% of all respondents say they plan over the next year to invest in AI as a security safeguard. However, this percentage is higher among medium and large companies in TMT (46%), financial services (40%), and other industries.