Cyber trailblazers reframe security, driving business growth

Digital Trust Insights

 
The demand for cybersecurity professionals is skyrocketing. The global cybersecurity workforce shortage will reach 1.8 million positions by 2022, one study projects. But more manpower will not render digital initiatives invulnerable to emerging risks.

The stakes are high: companies are investing in digital transformations to modernize their organizations and build new capabilities as well as to do things faster and better. They’re counting on these initiatives to propel growth and improve customer experience. The top risk arising from all these digital initiatives? Cybersecurity risk, identified by executives in survey after survey. Adding more cybersecurity professionals is not enough. Companies need to reframe what the cybersecurity professionals do and how they do their job.

What is needed is business-driven cybersecurity. That calls for reframing the security team’s mission to support the company’s strategic goals. How many companies have already started to shift their mindset in this way? And do those companies achieve better outcomes? How do the cybersecurity professionals in those organizations operate differently?

PwC’s Digital Trust Insights survey has uncovered the trailblazers—the top 25% of respondents—who are outperforming their peers in digital initiatives and security overall. Countless companies have every reason to learn from the trailblazers’ example—and now they can. We’ve created a roadmap based on the findings from our Digital Trust Insights survey of more than 3,000 executives and IT professionals worldwide.

 


 

Explore the trailblazers

How do we know they are trailblazers?

The trailblazers tend to be in organizations that report achieving better outcomes for the business. Among all respondents who say growing revenue is the top value sought from digital transformation efforts, nearly nine in 10 trailblazers say they are getting a payoff that meets or exceeds their expectations (compared to two thirds of the other respondents).

Businesses in this league report they are more proactive, preemptive and responsive than their peers, minimizing the operational impacts of cyber threats. For example, more than eight in 10 trailblazers say they have anticipated a new cyber risk to digital initiatives and managed it before it affected their partners or customers (compared to six in 10 of others).

The cybersecurity teams of trailblazers are far more likely to be credited with adding significant value. Eighty-six percent of trailblazers say their cybersecurity teams are considered to be adding significant value to their organizations (vs. 50% of others). Fifty-eight percent of trailblazers report that their cyber teams are very effective at managing the most acute risk stemming from digital transformation (vs. 21% of others).

Importantly, trailblazers are significantly more optimistic about the potential for growth in revenue and profit margin. Fifty-seven percent of trailblazers expect revenue to grow by 5% or more on average in the next three years (vs. 31% of others). Fifty-three percent of trailblazers expect profit margin to grow by 5% or more (vs. 28% of others).

What do the trailblazers do differently?

Trailblazers are more likely to embed their cybersecurity teams within the business to support strategic goals. They have reframed their mission from protecting assets to being a strategic partner in the organization.

They are connected integrally to the people who are crafting strategy (CEO), executing on digital initiatives (Chief Digital Officer, Chief Innovation Officer, Chief Marketing Officer, Chief Tech Officer), managing risks (Chief Risk Officer) and monitoring the business (boards).

Here are the three areas where trailblazers stand out in their connection to the business.

  • Connected on strategy. The trailblazers have cyber teams that are well versed in the business strategy. In the context of product development, for example, that could mean cyber professionals actively helping design security into products. Sixty-five percent of trailblazers strongly agree their cybersecurity team is embedded in the business, conversant in the organization’s business strategy and has a cybersecurity strategy that supports business imperatives (vs. 15% of others).
  • Connected on a risk-based approach. The vast majority of trailblazers tell us their cybersecurity teams are consistently involved in managing the risks associated with digital transformation. Eighty-nine percent of trailblazers say their cybersecurity teams are consistently involved in managing the risks inherent in the organization’s business transformation or digital initiatives (vs. 41% of others).
  • Coordinated in execution. Cyber teams in trailblazer companies are full participants in discussions around the company’s risk appetite, enabling concerted action to mitigate risks and respond to threats. Seventy-seven percent of trailblazers strongly agree their cybersecurity team has sufficient interaction with senior leaders to develop an understanding of the company’s risk appetite around core business practices (vs. 22% of others).

Who are the trailblazers?

In which industries and regions are there more likely to be trailblazers: those who excel in aligning their business and cybersecurity strategies, take a risk-based approach, and coordinate among teams that monitor and manage risks?

Not surprisingly, almost 40% of companies in our survey worth at least $1 billion are trailblazers. A third of financial services firms and 30% of tech, media and telecom businesses are included. Other sectors like industrial products; consumer markets; healthcare; pharmaceuticals and life sciences; and energy, mining, and utilities have about a quarter of their survey base in the trailblazer group. From a geographic perspective, businesses from Europe, the Middle East and Africa (EMEA) are underrepresented. Just 21% of EMEA respondents rank as trailblazers.


 

How to close the distance with trailblazers?

Striving to improve in the three dimensions where trailblazers stand out is critical for others looking to join the trailblazer group. In addition, PwC’s Digital Trust Insights has a roadmap of where companies can focus attention on closing cybersecurity gaps. It’s based on how IT professionals in our survey assessed their organizations in the many discrete categories of the US National Institute of Standards and Technology (NIST) Cybersecurity Framework. The categories roll up to five functions in the Framework: Identify, Protect, Detect, Respond, and Recover. We asked IT respondents to rank their organization in the categories using CMMI Maturity Levels.

  1. Identify is about pinpointing assets and processes that need protection—this is the least mature function among all IT respondents. Trailblazers have a clear edge in this function, although even they have room to become more proactive. Relatively few respondents assert high maturity for activities such as identifying physical and software assets within the organization to enable asset management. Companies also need to better understand how business priorities should inform cyber risk management.
  2. Recover is the most mature function among all IT respondents. It’s also the function where trailblazers have the greatest lead. Here, other businesses could work on closing the gap with market leaders in recovery planning, incorporating lessons learned and communications.
  3. Other such gaps where the trailblazers have a clear edge include data security (under Protect), detection processes (under Detect), and response planning and improvements (under Respond).

Businesses that embed cybersecurity in every corporate action will be better positioned to deliver the advantages of digital transformation, manage related risks and build trust. That is bound to generate attention in the marketplace as today’s trailblazers—and those who join their ranks—crowd out the competition over time.


Contact us

Brendan Dougher

Principal, PwC US

Joseph Nocera

Principal, Cybersecurity and Privacy, PwC US

Tel: +1 (312) 298 2745

Joseph Greene

Principal, PwC US

Grant Waterfall

EMEA Cybersecurity and Privacy Leader, PwC United Kingdom

Paul O'Rourke

Asia Pacific Cybersecurity and Privacy Leader, PwC US

T.R. Kane

Principal, PwC US

Tel: +1 (216) 875-3038
