Strengthening digital society against cyber shocks

How businesses can build the resilience needed to withstand disruptive cyberattacks

Massive cybersecurity breaches have become almost commonplace, regularly grabbing headlines that alarm consumers and leaders. But for all of the attention such incidents have attracted in recent years, many organizations worldwide still struggle to comprehend and manage emerging cyber risks in an increasingly complex digital society. As our reliance on data and interconnectivity swells, developing resilience to withstand cyber shocks—that is, large-scale events with cascading disruptive consequences—has never been more important.

In the 2018 Global State of Information Security® Survey (GSISS), 40% of survey respondents from organizations using robotics or automation say the disruption of operations would be the most critical consequence of a cyberattack on those systems. Despite an awareness of disruptive cyber risks, companies often remain unprepared to deal with them.
 

Many key processes for uncovering cyber risks in business systems have been adopted by less than half of survey respondents.
 

Uncovering hidden risks

Achieving greater cyber resilience as a society and within organizations will require a more concerted effort to uncover and manage new risks inherent in emerging technologies. Organizations must have the right leadership and processes in place to drive the security measures required by digital advancements.

Many businesses are just beginning this journey: Relatively few respondents (34%) say their organizations plan to assess Internet of Things (IoT) security risks across the business ecosystem.

Twenty-nine percent of respondents say CISOs bear responsibility for Internet of Things (IoT) security.
 

“Many organizations need to evaluate their digital risk and focus on building resilience for the inevitable.”

Sean Joyce, PwC’s US Cybersecurity and Privacy Leader

Leadership is vital

Most corporate boards are not proactively shaping their companies’ security strategies or investment plans. Only 44% of respondents say their corporate boards actively participate in their companies’ overall security strategy. Senior leaders driving the business must take ownership of building cyber resilience. Establishing a top-down strategy to manage cyber and privacy risks across the enterprise is essential. Resilience must be integrated into business operations.

A company’s risk management strategy should be informed by a solid understanding of the cyber threats facing the organization and an awareness of which key assets require the greatest protection. There should be a coherent risk appetite framework. Leadership must drive the development of a cyber risk management culture at all levels of the organization.

Board confidence in security measures is tied to their participation in security strategy.
 
